Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

References

lua-users.org/lists/lua-l/2019-01/msg00039.html

packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html

access.redhat.com/security/cve/cve-2019-6706

github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf

github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e

lists.debian.org/debian-lts-announce/2023/06/msg00031.html

fedora 1

nessus 16

cbl_mariner 2

openvas 7

cve 1

zdt 1

suse 1

osv 5

redhat 2

ubuntu 1

rocky 1

alpinelinux 1

ubuntucve 1

almalinux 1

oraclelinux 1

redhatcve 1

packetstorm 1

photon 6

exploitdb 1

prion 1

veracode 1

debiancve 1

nvd 1

exploitpack 1

debian 1

fedora

[SECURITY] Fedora 29 Update: lua-5.3.5-3.fc29

2019-01-30 02:08:41

nessus

Ubuntu 16.04 LTS / 18.04 LTS : Lua vulnerability (USN-3941-1)

2019-04-09 00:00:00

SUSE SLED15 / SLES15 Security Update : lua53 (SUSE-SU-2019:0247-1)

2019-02-06 00:00:00

Photon OS 3.0: Lua PHSA-2019-3.0-0036

2024-07-23 00:00:00

cbl_mariner

CVE-2019-6706 affecting package lua 5.3.5-9

2020-11-05 04:21:19

CVE-2019-6706 affecting package lua for versions less than 5.3.5-11

2022-04-09 06:51:52

openvas

SUSE: Security Advisory (SUSE-SU-2019:0247-1)

2021-06-09 00:00:00

Huawei EulerOS: Security Advisory for lua (EulerOS-SA-2019-2339)

2020-01-23 00:00:00

Fedora Update for lua FEDORA-2019-ee57bda7ae

2019-05-07 00:00:00

cve

CVE-2019-6706

2019-01-23 19:29:00

zdt

Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit

2019-01-25 00:00:00

suse

Security update for lua53 (moderate)

2019-02-14 00:00:00

osv

Moderate: lua security and bug fix update

2019-11-05 20:53:20

CGA-w6jq-w873-v56h

2024-06-06 12:29:41

CVE-2019-6706

2019-01-23 19:29:00

redhat

(RHSA-2019:3706) Moderate: lua security and bug fix update

2019-11-05 20:53:20

(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update

2020-10-27 14:57:54

ubuntu

Lua vulnerability

2019-04-08 00:00:00

rocky

lua security and bug fix update

2019-11-05 20:53:20

alpinelinux

CVE-2019-6706

2019-01-23 19:29:00

ubuntucve

CVE-2019-6706

2019-01-23 00:00:00

almalinux

Moderate: lua security and bug fix update

2019-11-05 20:53:20

oraclelinux

lua security and bug fix update

2019-11-14 00:00:00

redhatcve

CVE-2019-6706

2019-01-28 14:19:45

packetstorm

Lua 5.3.5 Use-After-Free

2019-01-25 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0009

2021-04-14 00:00:00

Important Photon OS Security Update - PHSA-2021-4.0-0009

2021-04-14 00:00:00

Important Photon OS Security Update - PHSA-2023-4.0-0517

2023-11-20 00:00:00

exploitdb

Lua 5.3.5 - 'debug.upvaluejoin' Use After Free

2019-01-25 00:00:00

prion

Design/Logic Flaw

2019-01-23 19:29:00

veracode

Denial Of Service (DoS)

2019-11-06 00:21:15

debiancve

CVE-2019-6706

2019-01-23 19:29:00

nvd

CVE-2019-6706

2019-01-23 19:29:00

exploitpack

Lua 5.3.5 - debug.upvaluejoin Use After Free

2019-01-25 00:00:00

debian

[SECURITY] [DLA 3469-1] lua5.3 security update

2023-06-22 22:50:46

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

7.4

Confidence

High

EPSS

0.03

Percentile

90.9%

JSON

Related for CVELIST:CVE-2019-6706