AZL-41306

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41306.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-41306

Upstream

CVE-2019-19391

Published

2019-11-29T16:15:10Z

Modified

2026-04-01T05:14:19.747022Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

CVE-2019-19391 affecting package sysbench for versions less than 1.0.20-3

Details

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective

References

https://nvd.nist.gov/vuln/detail/CVE-2019-19391

Affected packages

Azure Linux:3 / sysbench

Package

Name: sysbench
Purl: pkg:rpm/azure-linux/sysbench

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.20-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41306.json"