CVE-2019-6706
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-6706
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6706.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-6706
- Downstream
- Related
- Published
- 2019-01-23T19:29:00Z
- Modified
- 2025-10-15T11:00:13.609410Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
- References
-
- http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html
- https://access.redhat.com/security/cve/cve-2019-6706
- https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf
- https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e
- http://lua-users.org/lists/lua-l/2019-01/msg00039.html
- https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html
Affected packages
Git / github.com/lua/lua
Affected ranges
- Type
- GIT
- Repo
- https://github.com/lua/lua
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.2
v2.*
v2.1
v2.2
v2.3-beta
v2.4
v2.4-beta
v2.5
v2.5-beta
v2.5.1
v3.*
v3.0
v3.0-alpha
v3.1
v3.1-alpha
v3.2
v3.2-beta
v4.*
v4.0
v4.0-alpha
v4.0-beta
v4.1-alpha
v5.*
v5.0
v5.0-alpha
v5.0-beta
v5.1
v5.1-alpha
v5.1-beta
v5.1.1
v5.2-alpha
v5.2-beta
v5.2.0
v5.2.1
v5.2.2
v5.3-alpha
v5.3-beta
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
Database specific
vanir_signatures
[
{
"source": "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e",
"id": "CVE-2019-6706-00032def",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "getupvalref",
"file": "lapi.c"
},
"digest": {
"function_hash": "45231132265163223636532311818292060392",
"length": 408.0
}
},
{
"source": "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e",
"id": "CVE-2019-6706-264b1e53",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "lua_upvalueid",
"file": "lapi.c"
},
"digest": {
"function_hash": "168654682806415888564868502854858233475",
"length": 468.0
}
},
{
"source": "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e",
"id": "CVE-2019-6706-ad2906b9",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "lua_upvaluejoin",
"file": "lapi.c"
},
"digest": {
"function_hash": "336886739732523367635662810366732805781",
"length": 392.0
}
},
{
"source": "https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e",
"id": "CVE-2019-6706-e7916afb",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "lapi.c"
},
"digest": {
"line_hashes": [
"114280754343182667492310544413047257523",
"135797660772714151558304634952356559189",
"324426448145863171687706490342891370242",
"158464887736040735811625781411603539517",
"109284068507191940525491597714252165763",
"17353900652863108361291584574332551664",
"73243341667893678318317837601477420919",
"184943886777344493192408412618803260479",
"92936929984927184471054474271540256660",
"315317082330350668532734840438847734449",
"232247388784538711332203219499193690964",
"238016185841859018970600644226169544163",
"212682399206584147756393191489144751679",
"265234325060766264020411529438170302368",
"316472907546906173177633520659052112636",
"211225411100249201500195271735977703457",
"105626001136622936431389132883094094572",
"215722041084154120534485317323045511353",
"69590894200313878133321429160581940638",
"104367335793266688094676634691058216743"
],
"threshold": 0.9
}
}
]