Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

References

lua-users.org/lists/lua-l/2019-01/msg00039.html

packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html

access.redhat.com/security/cve/cve-2019-6706

github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf

github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e

lists.debian.org/debian-lts-announce/2023/06/msg00031.html

nvd 1

nessus 13

debiancve 1

veracode 1

prion 1

osv 4

exploitpack 1

fedora 1

cbl_mariner 2

openvas 7

cve 1

ubuntu 1

oraclelinux 1

almalinux 1

ubuntucve 1

rocky 1

alpinelinux 1

zdt 1

suse 1

redhat 2

packetstorm 1

redhatcve 1

photon 6

exploitdb 1

debian 1

nvd

CVE-2019-6706

2019-01-23 19:29:00

nessus

EulerOS 2.0 SP8 : lua (EulerOS-SA-2019-1776)

2019-07-25 00:00:00

RHEL 8 : lua (RHSA-2019:3706)

2019-11-06 00:00:00

Ubuntu 16.04 LTS / 18.04 LTS : Lua vulnerability (USN-3941-1)

2019-04-09 00:00:00

debiancve

CVE-2019-6706

2019-01-23 19:29:00

veracode

Denial Of Service (DoS)

2019-11-06 00:21:15

prion

Design/Logic Flaw

2019-01-23 19:29:00

osv

Moderate: lua security and bug fix update

2019-11-05 20:53:20

CVE-2019-6706

2019-01-23 19:29:00

Moderate: lua security and bug fix update

2019-11-05 20:53:20

exploitpack

Lua 5.3.5 - debug.upvaluejoin Use After Free

2019-01-25 00:00:00

fedora

[SECURITY] Fedora 29 Update: lua-5.3.5-3.fc29

2019-01-30 02:08:41

cbl_mariner

CVE-2019-6706 affecting package lua 5.3.5-9

2020-11-05 04:21:19

CVE-2019-6706 affecting package lua for versions less than 5.3.5-11

2022-04-09 06:51:52

openvas

SUSE: Security Advisory (SUSE-SU-2019:0247-1)

2021-06-09 00:00:00

openSUSE: Security Advisory for lua53 (openSUSE-SU-2019:0175-1)

2019-02-15 00:00:00

Ubuntu: Security Advisory (USN-3941-1)

2019-04-09 00:00:00

cve

CVE-2019-6706

2019-01-23 19:29:00

ubuntu

Lua vulnerability

2019-04-08 00:00:00

oraclelinux

lua security and bug fix update

2019-11-14 00:00:00

almalinux

Moderate: lua security and bug fix update

2019-11-05 20:53:20

ubuntucve

CVE-2019-6706

2019-01-23 00:00:00

rocky

lua security and bug fix update

2019-11-05 20:53:20

alpinelinux

CVE-2019-6706

2019-01-23 19:29:00

zdt

Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit

2019-01-25 00:00:00

suse

Security update for lua53 (moderate)

2019-02-14 00:00:00

redhat

(RHSA-2019:3706) Moderate: lua security and bug fix update

2019-11-05 20:53:20

(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update

2020-10-27 14:57:54

packetstorm

Lua 5.3.5 Use-After-Free

2019-01-25 00:00:00

redhatcve

CVE-2019-6706

2019-01-28 14:19:45

photon

Important Photon OS Security Update - PHSA-2021-0009

2021-04-14 00:00:00

Important Photon OS Security Update - PHSA-2021-4.0-0009

2021-04-14 00:00:00

Important Photon OS Security Update - PHSA-2023-4.0-0517

2023-11-20 00:00:00

exploitdb

Lua 5.3.5 - 'debug.upvaluejoin' Use After Free

2019-01-25 00:00:00

debian

[SECURITY] [DLA 3469-1] lua5.3 security update

2023-06-22 22:50:46

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.4 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for CVELIST:CVE-2019-6706