Severity: Unknown
Affected Package: lua
Summary: C stack overflow in lua_resume via a maliciously crafted script
lua_resume() did not check for C stack overflow before resuming a coroutine, allowing a stack overflow to be triggered by a maliciously crafted Lua script. Fixed by updating contrib/lua to 5.4.7, which adds the missing C stack check in ldo.c.
No specific recommendations provided.
Aliases: CVE-2021-43519
Published: June 11, 2026
Last Modified: June 11, 2026