1 An overflow flaw was fixed in Lua 5.2.2:

     2 

     3   http://www.lua.org/bugs.html#5.2.2-1

     4 

     5 This could cause the application to crash or, potentially, execute arbitrary

     6 code. One way an attacker could trigger this issue is if they can control

     7 parameters to a loadstring call (an eval in Lua,

     8 http://en.wikipedia.org/wiki/Eval#Lua).

     9 

    10 See also:

    11 

    12   https://bugzilla.redhat.com/show_bug.cgi?id=1132304

    13 

    14 --- lua-5.1.4/src/ldo.c.orig	2014-08-31 09:15:30.815313542 -0700

    15 +++ lua-5.1.4/src/ldo.c	2014-08-31 09:21:37.935417299 -0700

    16 @@ -273,7 +273,7 @@

    17      CallInfo *ci;

    18      StkId st, base;

    19      Proto *p = cl->p;

    20 -    luaD_checkstack(L, p->maxstacksize);

    21 +    luaD_checkstack(L, p->maxstacksize + p->numparams);

    22      func = restorestack(L, funcr);

    23      if (!p->is_vararg) {  /* no varargs? */

    24        base = func + 1;