Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. This affects Redis.
Comment From: MeirShpilraien
Thanks @Lee-nju, we are looking into it. So far we do not see that it's exploitable in Redis, but I keep looking deeper. Will update soon.
Comment From: MeirShpilraien
From what I can see, the Lua version on Redis (5.1.5) is not vulnerable to this issue. On Lua 5.1.2 there was no check to MAX recursion on co-routines, so even this script reaches a stack overflow: local function func() func(); end func().
But on Lua 5.1.3 this check was added and it's not crashing (even on the example given in the CVE description):
127.0.0.1:6379> eval "local function func() pcall(1); coroutine.wrap(func)(); end func()" 0
(error) ERR Error running script (call to f_f4eaeaf1fc7a74afb3797acbdd69991738fab2bf): @user_script:1: user_script:1: user_script:1: ... user_script:1: user_script:1: C stack overflow
Let me know if you think otherwise or that we can close?
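A simplified C model of the depth check described in the comment above, added here as an illustration; it is not Lua or Redis source and not code from the thread. The limit of 200 and all names (`MAX_C_CALLS`, `resume`, `deepest_nesting`, `budget`) are assumptions of the model, and `budget` is a simulation cutoff standing in for real stack exhaustion.

```c
#include <stdio.h>

/* Simplified model, not Lua source: the limit and all names are assumptions. */
#define MAX_C_CALLS 200

enum { RESUME_OK = 0, RESUME_ERR_C_STACK = 1 };

typedef struct {
    int n_ccalls;   /* nested resume calls currently on the C stack */
    int deepest;    /* deepest nesting observed */
    int guarded;    /* 1 = depth check present, 0 = check absent */
    int budget;     /* simulation cutoff standing in for the real stack size */
} State;

/* Models resuming a coroutine whose body immediately resumes another one,
 * as coroutine.wrap(func)() does inside func in the script above. */
static int resume(State *s) {
    if (s->guarded && s->n_ccalls >= MAX_C_CALLS)
        return RESUME_ERR_C_STACK;   /* reported to the caller as a script error */
    if (s->n_ccalls >= s->budget)
        return RESUME_OK;            /* cutoff: a real process would have crashed */
    s->n_ccalls++;
    if (s->n_ccalls > s->deepest)
        s->deepest = s->n_ccalls;
    int rc = resume(s);              /* the coroutine body resumes the next one */
    s->n_ccalls--;
    return rc;
}

/* Runs the model; returns the deepest nesting reached and stores the result code in *rc. */
int deepest_nesting(int guarded, int budget, int *rc) {
    State s = {0, 0, guarded, budget};
    *rc = resume(&s);
    return s.deepest;
}

int main(void) {
    int rc;
    int depth = deepest_nesting(1, 10000, &rc);
    printf("check present: depth=%d rc=%d\n", depth, rc);
    depth = deepest_nesting(0, 10000, &rc);
    printf("check absent:  depth=%d rc=%d\n", depth, rc);
    return 0;
}
```

With the check present the nesting stops at the limit and the caller gets an error it can report; with it absent the nesting is bounded only by the available stack.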
Comment From: Lee-nju
Thank you for your patient answer, it should be closed.