Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21890.

CVE-2022-21889

Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21848, CVE-2022-21883, CVE-2022-21889.

CVE-2022-21890

DirectX Graphics Kernel File Denial of Service Vulnerability.

CVE-2022-21918

.NET Framework Denial of Service Vulnerability.

CVE-2022-21911

Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

![lua-users home](http://lua-users.org/images/nav-logo.png)

  
\[Date Prev\]\[Date Next\]\[Thread Prev\]\[Thread Next\] \[Date Index\] \[Thread Index\]

*   **Subject**: **Re: Crash : SEGV that occurs during error handling that occurs in the \_\_close metamethod of to-be-closed after calling os.exit**
*   **From**: Roberto Ierusalimschy <roberto@...\>
*   **Date**: Tue, 30 Nov 2021 15:11:36 -0300

\> Hi, I found an interesting SEGV crash on Lua interpreter.
> 
> Lua .5.4.4, commit hash ad3942adba574c9d008c99ce2785a5af19d146bf
> 
> \[...\]
> local function v(a, b, c, ...)
> return os.exit(0, true)
> end
> 
> local function a()
> return h()
> end
> 
> local e <close> = setmetatable({}, {\_\_close = a})
> 
> v()

Many thanks for the feedback.

The issue here is that, when closing the state, Lua assumes its stack
is going away, so it could close 'e' using all the stack after it.
However, the call to 'v' is still pending, and when the error tries
to create a traceback, the information about the call to 'v' has
been messed up by the closing of 'e'.

The fix seems simple:

--- a/lstate.c
+++ b/lstate.c
@@ -271,6 +271,7 @@ static void close\_state (lua\_State \*L) {
   if (!completestate(g))  /\* closing a partially built state? \*/
     luaC\_freeallobjects(L);  /\* just collect its objects \*/
   else {  /\* closing a fully built state \*/
+    L->ci = &L->base\_ci;  /\* unwind CallInfo list \*/
     luaD\_closeprotected(L, 1, LUA\_OK);  /\* close all upvalues \*/
     luaC\_freeallobjects(L);  /\* collect all objects \*/
     luai\_userstateclose(L);

-- Roberto

*   **Follow-Ups**:
    *   **Re: Crash : SEGV that occurs during error handling that occurs in the \_\_close metamethod of to-be-closed after calling os.exit,** _Kang woosun_

*   **References**:
    *   **Crash : SEGV that occurs during error handling that occurs in the \_\_close metamethod of to-be-closed after calling os.exit,** _Kang woosun_

*   Prev by Date: **Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit**
*   Next by Date: **Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit**
*   Previous by thread: **Re: Crash : SEGV that occurs during error handling that occurs in the \_\_close metamethod of to-be-closed after calling os.exit**
*   Next by thread: **Re: Crash : SEGV that occurs during error handling that occurs in the \_\_close metamethod of to-be-closed after calling os.exit**
*   Index(es):
    *   **Date**
    *   **Thread**

CVE-2021-44647: SEGV that occurs during error handling that occurs in the __close metamethod of to-be-closed after calling os.exit

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.

CVE-2021-45460

**Are the any prerequisites to a successful attack?**

Yes, only systems with the IPSec service running are vulnerable to this attack.

Tag

#dos