{"id":"CVE-2020-24369","details":"ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.","aliases":["BIT-lua-2020-24369"],"modified":"2026-03-12T02:17:28.668132277Z","published":"2020-08-17T17:15:13.817Z","related":["openSUSE-SU-2024:11029-1","openSUSE-SU-2025:15401-1"],"references":[{"type":"ADVISORY","url":"https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a"},{"type":"ADVISORY","url":"https://www.lua.org/bugs.html#5.4.0-12"},{"type":"FIX","url":"https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a"},{"type":"EVIDENCE","url":"https://www.lua.org/bugs.html#5.4.0-12"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lua/lua","events":[{"introduced":"0"},{"fixed":"ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a"}]}],"versions":["v1.2","v2.1","v2.2","v2.3-beta","v2.4","v2.4-beta","v2.5","v2.5-beta","v2.5.1","v3.0","v3.0-alpha","v3.1","v3.1-alpha","v3.2","v3.2-beta","v4.0","v4.0-alpha","v4.0-beta","v4.1-alpha","v5.0","v5.0-alpha","v5.0-beta","v5.1","v5.1-alpha","v5.1-beta","v5.1.1","v5.2-alpha","v5.2-beta","v5.2.0","v5.2.1","v5.2.2","v5.3-alpha","v5.3-beta","v5.3.0","v5.3.1","v5.3.2","v5.3.3","v5.3.4","v5.4-alpha","v5.4-beta","v5.4-w2","v5.4.0"],"database_specific":{"vanir_signatures":[{"target":{"file":"ldebug.c"},"signature_version":"v1","id":"CVE-2020-24369-09480371","source":"https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["191357327930270353914184361696403200245","81257735572345837800767669984728473029","79202178554810973801731794510384921731","214496039041368728151161948384834180113","327015659194682228887671907297498597185","131947794654282215377006389794341554693","142406554357787015911062368758120942388","283583517597706205043460995415619269999","252187278128377095359608730677865696776"],"threshold":0.9}},{"signature_version":"v1","id":"CVE-2020-24369-708972b8","target":{"file":"ldebug.c","function":"changedline"},"source":"https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a","deprecated":false,"signature_type":"Function","digest":{"function_hash":"112196691550847094243539598721974676716","length":233}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24369.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}