With our tools and background knowledge in place, we uncovered several vulnerabilities in Lua. This post collects the discussions we started on the lua-l mailing list. Because Lua is an open-source language, you can see many people giving their opinions on our analysis.
lua-l vulnerability reports
1) Lua 5.4.4 Sandbox Escaping & Type confusion caused by the absence of type check
http://lua-users.org/lists/lua-l/2021-10/msg00104.html
2) Recursive coroutine with pcall leads to stackoverflow of interpreter
http://lua-users.org/lists/lua-l/2021-10/msg00123.html
3) Error handling with To-be-closed variable declared inside coroutine causes use-after-free read/write
http://lua-users.org/lists/lua-l/2021-10/msg00131.html
4) SEGV that occurs during error handling that occurs in the __close metamethod of to-be-closed after calling os.exit
http://lua-users.org/lists/lua-l/2021-11/msg00195.html
5) Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
http://lua-users.org/lists/lua-l/2021-11/msg00186.html
6) Erroneous finalizer called during tail call leads to heap buffer overflow
http://lua-users.org/lists/lua-l/2021-12/msg00019.html