Unrated severity · OSV Advisory · Published Jan 23, 2019 · Updated Aug 4, 2024
CVE-2019-6706
Description
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
Affected products (14)
osv-coords, 12 versions:
- pkg:apk/chainguard/lua5.4 (no CPE), range: < 0
- pkg:apk/chainguard/lua5.4-dev (no CPE), range: < 0
- pkg:apk/chainguard/lua5.4-doc (no CPE), range: < 0
- pkg:apk/chainguard/lua5.4-libs (no CPE), range: < 0
- pkg:apk/wolfi/lua5.4 (no CPE), range: < 0
- pkg:apk/wolfi/lua5.4-dev (no CPE), range: < 0
- pkg:apk/wolfi/lua5.4-doc (no CPE), range: < 0
- pkg:apk/wolfi/lua5.4-libs (no CPE), range: < 0
- pkg:rpm/almalinux/lua (no CPE), range: < 5.3.4-11.el8
- pkg:rpm/almalinux/lua-devel (no CPE), range: < 5.3.4-11.el8
- pkg:rpm/opensuse/lua53&distro=openSUSE%20Leap%2015.0 (no CPE), range: < 5.3.4-lp150.2.3.1
- pkg:rpm/suse/lua53&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 (no CPE), range: < 5.3.4-3.3.2
References (6)
- lists.debian.org/debian-lts-announce/2023/06/msg00031.html (mitre, mailing-list)
- lua-users.org/lists/lua-l/2019-01/msg00039.html (mitre)
- packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html (mitre)
- access.redhat.com/security/cve/cve-2019-6706 (mitre)
- github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf (mitre)
- github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e (mitre)