Published: 23/01/2019 Updated: 23/06/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lua lua 5.3.5
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10

Debian Bug report logs - #920321 lua53: CVE-2019-6706 Package: src:lua53; Maintainer for src:lua53 is Enrico Tassi <gareuselesinge@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 24 Jan 2019 06:06:01 UTC Severity: important Tags: security, upstream Found in versions lua53/533-11, ...

Lua could be made to crash if it received a specially crafted script ...

Synopsis Moderate: lua security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for lua is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

Lua 535 has a use-after-free in lua_upvaluejoin in lapic For example, a crash outcome might be achieved by an attacker who is able to trigger a debugupvaluejoin call in which the arguments have certain relationships ...

# Exploit Title: Lua 535 # Exploit Author: Fady Mohamed Osman (twittercom/fady_othman) # Exploit-db : wwwexploit-dbcom/author/?a=2986 # Blog : blogfadyothmancom/ # Date: Jan 10th 2019 # Vendor Homepage: wwwluaorg/ # Software Link: wwwluaorg/ftp/lua-535targz # Version: 535 # CVE ID: CVE-2019-6 ...

Lua version 535 suffers from a use-after-free vulnerability ...

CWE-416 https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html http://lua-users.org/lists/lua-l/2019-01/msg00039.html https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf https://access.redhat.com/security/cve/cve-2019-6706 https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920321 https://usn.ubuntu.com/3941-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/46246 https://access.redhat.com/security/cve/cve-2019-6706

CVE-2019-6706

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect