How to Report

If you find a new vulnerability in Lua, you can report it, but how? This post should be helpful to those who are trying to report Lua vulnerabilities.

4 min read

0-day exploitable vulnerability in Lua interpreter

Although many crashes were generated by our fuzzer, not all of them were exploitable. Actually, most of them were just trivial bugs. However, we found an exploitable use-after-free crash. This crash happens during garbage collection in Lua. In this post, we show how the newest Lua interpreter is exploitable (i.e., executing /bin/sh).

20 min read

Applying to Host Programs

We selected ten widely-used host programs that use Lua scripts for plugins. Although we cannot show the names of the host programs chosen, we basically used similar methods to apply our vulnerabilities.

5 min read

Vulnerability Analysis

With tools and knowledge prepared, we excavated several vulnerabilities in Lua. In this post, you can follow the discussions we had on Lua-l. As Lua is an open-source language, you can see lots of people giving their opinions about our analysis.

2 min read

Code Auditing

Code auditing is literally analyzing code to find software vulnerabilities. Lua is an open-source language, so we can audit it by inspecting the C code that makes up Lua. While analyzing crash files, we often had a hard time understanding some of the logic. Those kinds of crashes were generated during the garbage collection process. In order to fully grasp the root cause of the crashes, we audited the garbage-collection-related code in Lua.

24 min read

Analyzing Crash Files

From the implemented fuzzer, thousands of crash files were generated. Since we are just a small team and we had limited time for this project, we needed a strategy to classify our crash files. Also, as the crash files were .lua script files, we spent much time analyzing the root cause of each crash. We believe this post will be helpful to those who are trying to analyze Lua scripts that cause crashes in the Lua interpreter.

12 min read

Fuzzing Lua Interpreter

Nowadays, as application programs have lots of features, it is not easy to find vulnerabilities by simply analyzing code or binaries. Fuzzing can be an efficient way of finding software vulnerabilities. However, there was no fuzzer that targeted Lua. We needed to implement our own Lua fuzzer. Through trial and error, we developed a fuzzer that targets the Lua interpreter. It was not an easy task. We hope some readers will improve our fuzzer to discover hidden vulnerabilities in Lua!

23 min read

Previous Vulnerabilities

We started our security research on Lua by analyzing 1-day vulnerabilities. Studying previous vulnerabilities as case studies may be helpful for excavating new vulnerabilities. Specifically, we reviewed a sandbox escape vulnerability in Lua v5.2 and previous CVEs related to Lua.

39 min read

What is Lua?

So, what is Lua? Lua is a lightweight, embeddable scripting language. For detailed information, we recommend that you refer to the official Lua website and “Programming in Lua”. Although some of you might not have heard about Lua, it is actually embedded in many famous host programs to support scripting. In this post, we will explain the major attributes of Lua and give real examples of host programs that use Lua.

13 min read

Introduction

Hi, we are students from Korea who are interested in cybersecurity. We belong to BoB (Best of the Best), which is a government-supported 8-month program that trains passionate students to become cybersecurity experts. You can find more information about BoB from the link below.

3 min read