Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
From: "Pierre Chapuis" <catwell@...>
Date: Thu, 09 Dec 2021 12:51:40 +0100

On Thu, Dec 9, 2021, at 11:47, Roberto Ierusalimschy wrote:
>> By the way, If you plan the patch to be applied in version 5.4.5 or later,
>> may I report this crash into MITRE?
>
> Yes, we plan to fix it in version 5.4. I am not sure I know what is
> MITRE, but the report is already public.

MITRE is the organization that maintains the CVE list. Reporting
something to them means assigning a CVE number to the bug.

-- 
Pierre Chapuis

References:
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, 김지회
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, Roberto Ierusalimschy
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, 김지회
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, Roberto Ierusalimschy

Prev by Date: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Next by Date: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Previous by thread: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Next by thread: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Index(es):
- Date
- Thread