lua bytecode and sandbox evasion ?

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: lua bytecode and sandbox evasion ?
• From: tst2005 <tst2005@...>
• Date: 2016年9月14日 01:36:40 +0200

---

Hello,
I would like to know if the bug/vulnerability is already known ?
Is there a CVE number ?
I'm still trying to reproduce, but it seems credible.
http://apocrypha.numin.it/talks/lua_bytecode_exploitation.pdf
https://gist.github.com/corsix/6575486
https://github.com/erezto/lua-sandbox-escape
https://www.reddit.com/r/netsec/comments/52cm3h
Regards,

---

• Follow-Ups:
  • Re: lua bytecode and sandbox evasion ?, Peter Cawley

• Prev by Date: lpeg.Cb bug (?) with repeated evaluation of group capture pattern
• Next by Date: Re: lua bytecode and sandbox evasion ?
• Previous by thread: Re: lpeg.Cb bug (?) with repeated evaluation of group capture pattern
• Next by thread: Re: lua bytecode and sandbox evasion ?
• Index(es):
  • Date
  • Thread