Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. CREATE(Triage):(User=admin) [CVE-2020-24342|https://nvd.nist.gov/vuln/detail/CVE-2020-24342]