CVE-2024-39840 Information

Description

Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects.

Reference

https://news.ycombinator.com/item?id=40830005
https://memorycorruption.net/posts/rce-lua-factorio/
