An overflow flaw was fixed in Lua 5.2.2:
http://www.lua.org/bugs.html#5.2.2-1
This could cause the application to crash or, potentially, execute arbitrary
code. One way an attacker could trigger this issue is if they can control
parameters to a loadstring call (an eval in Lua,
http://en.wikipedia.org/wiki/Eval#Lua).
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=1132304
--- lua-5.1.4/src/ldo.c.orig 2014-08-31 09:15:30.815313542 -0700
+++ lua-5.1.4/src/ldo.c 2014-08-31 09:21:37.935417299 -0700
@@ -273,7 +273,7 @@
CallInfo *ci;
StkId st, base;
Proto *p = cl->p;
- luaD_checkstack(L, p->maxstacksize);
+ luaD_checkstack(L, p->maxstacksize + p->numparams);
func = restorestack(L, funcr);
if (!p->is_vararg) { /* no varargs? */
base = func + 1;
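Review bot: the changed luaD_checkstack call gives no reason for adding p->numparams to p->maxstacksize, so a later cleanup could mistake the extra term for redundant and drop it. Please add a short comment on that line saying which stack use the additional numparams slots cover. The reservation also sits before the `if (!p->is_vararg)` test, so it applies to both branches. If only one of them needs the extra slots, say so in the comment rather than leaving it implicit. Separately, the file headers show the patch applies to lua-5.1.4/src/ldo.c while the description cites the fix in Lua 5.2.2, so the description should state that this is a backport and that 5.1.4 is affected.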