CVE-2019-6706

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
23/01/2019
Last modified:
23/06/2023

Description

Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:lua:lua:5.3.5:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*