cve 2022 28805

This tag covers CVE-2022-28805, a heap-based buffer over-read vulnerability discovered in the Lua interpreter. The flaw resides in the singlevar function within lparser.c and affects Lua versions 5.4.0 through 5.4.3. It can be triggered when compiling specially crafted scripts, potentially leading to information disclosure or crashes. The upstream fix was included in Lua release 5.4.4. Discussions on WindowsForum.com provide a patch guide for users running affected versions, detailing how to apply the security update to mitigate the risk. The content is relevant for developers, system administrators, and anyone embedding Lua in their applications who needs to ensure their environment is patched against this specific vulnerability.