The Lua interpreter received a critical security fix in 2022 after researchers discovered that a missing internal call in lparser.c’s singlevar function allowed a heap-based buffer over-read when compiling certain crafted scripts—an issue tracked as CVE-2022-28805 that affects Lua releases 5.4.0...
