Security #8065: lua: stack overflow from unbounded stack allocation in LuaPushStringBuffer - Suricata - Open Information Security Foundation

Actions

Copy link

Security #8065

closed

PA VJ

lua: stack overflow from unbounded stack allocation in LuaPushStringBuffer

Security #8065: lua: stack overflow from unbounded stack allocation in LuaPushStringBuffer

Added by Philippe Antoine 5 months ago. Updated 5 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

9.0.0-beta1

Affected Versions:

Label:

CVE:

2025-64344

Git IDs:

Severity:

MODERATE

Disclosure Date:

Description

=================================================================
==24181==ERROR: AddressSanitizer: stack-overflow on address 0x7000002a63f8 (pc 0x00010a6b4e02 bp 0x700000325e10 sp 0x7000002a6400 T4)
    #0 0x00010a6b4e02 in LuaPushStringBuffer util-lua.c:328
    #1 0x00010ab112a7 in precallC ldo.c:536
    #2 0x00010ab11a78 in luaD_precall ldo.c
    #3 0x00010ab68e1d in luaV_execute lvm.c:1685
    #4 0x00010ab120c3 in luaD_callnoyield ldo.c:662
    #5 0x00010ab0e659 in luaD_rawrunprotected ldo.c:141
    #6 0x00010ab13767 in luaD_pcall ldo.c:964
    #7 0x00010aaee351 in lua_pcallk lapi.c:1064
    #8 0x00010a3711ec in DetectLuaRunMatch detect-lua.c:178
    #9 0x00010a2197ba in DetectEngineInspectGenericList detect-engine.c:1956
    #10 0x00010a446a55 in DetectRun detect.c:190
    #11 0x00010a41efb4 in Detect detect.c:2383
    #12 0x00010a47237a in FlowWorker flow-worker.c:667
    #13 0x00010a618126 in TmThreadsSlotVarRun tm-threads.c:137
    #14 0x00010a622627 in TmThreadsSlotVar tm-threads.c:506
    #15 0x00010c9d3186 in asan_thread_start(void*)+0x46 (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0xdb186)
    #16 0x7ff804bff18a in _pthread_start+0x62 (libsystem_pthread.dylib:x86_64+0x618a)
    #17 0x7ff804bfaae2 in thread_start+0xe (libsystem_pthread.dylib:x86_64+0x1ae2)

SUMMARY: AddressSanitizer: stack-overflow util-lua.c:328 in LuaPushStringBuffer

Subtasks 2 (0 open — 2 closed)