CVE-2019-6706

Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
lualua
5.3.5
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lua5.1
bookworm
5.1.5-9
fixed
bullseye
5.1.5-8.1
fixed
sid
5.1.5-9
fixed
trixie
5.1.5-9
fixed
lua5.2
bookworm
5.2.4-3
fixed
bullseye
5.2.4-1.1
fixed
sid
5.2.4-3
fixed
trixie
5.2.4-3
fixed
lua5.3
bookworm
5.3.6-2
fixed
bullseye
5.3.3-1.1+deb11u1
fixed
sid
5.3.6-2
fixed
trixie
5.3.6-2
fixed
lua50
bullseye
5.0.3-8.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lua5.1
bionic
not-affected
cosmic
not-affected
trusty
not-affected
xenial
not-affected
lua5.2
bionic
not-affected
cosmic
not-affected
trusty
not-affected
xenial
not-affected
lua5.3
bionic
Fixed 5.3.3-1ubuntu0.18.04.1
released
cosmic
Fixed 5.3.3-1ubuntu0.18.10.1
released
trusty
dne
xenial
Fixed 5.3.1-1ubuntu2.1
released
lua50
bionic
not-affected
cosmic
not-affected
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
liblua5_3-5
suse enterprise desktop 15
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP1
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP2
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP3
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP4
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP5
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP6
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP7
5.3.4-3.3.2
fixed
suse enterprise sap 15
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP1
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP2
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP3
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP4
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP5
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP6
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP7
5.3.4-3.3.2
fixed
suse enterprise server 15
5.3.4-3.3.2
fixed
suse enterprise server 15 SP1
5.3.4-3.3.2
fixed
suse enterprise server 15 SP2
5.3.4-3.3.2
fixed
suse enterprise server 15 SP3
5.3.4-3.3.2
fixed
suse enterprise server 15 SP4
5.3.4-3.3.2
fixed
suse enterprise server 15 SP5
5.3.4-3.3.2
fixed
suse enterprise server 15 SP6
5.3.4-3.3.2
fixed
suse enterprise server 15 SP7
5.3.4-3.3.2
fixed
liblua5_3-5-32bit
suse enterprise desktop 15
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP1
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP2
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP3
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP4
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP5
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP6
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP7
5.3.4-3.3.2
fixed
suse enterprise sap 15
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP1
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP2
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP3
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP4
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP5
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP6
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP7
5.3.4-3.3.2
fixed
suse enterprise server 15
5.3.4-3.3.2
fixed
suse enterprise server 15 SP1
5.3.4-3.3.2
fixed
suse enterprise server 15 SP2
5.3.4-3.3.2
fixed
suse enterprise server 15 SP3
5.3.4-3.3.2
fixed
suse enterprise server 15 SP4
5.3.4-3.3.2
fixed
suse enterprise server 15 SP5
5.3.4-3.3.2
fixed
suse enterprise server 15 SP6
5.3.4-3.3.2
fixed
suse enterprise server 15 SP7
5.3.4-3.3.2
fixed
lua53
suse enterprise desktop 15
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP1
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP2
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP3
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP4
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP5
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP6
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP7
5.3.4-3.3.2
fixed
suse enterprise sap 15
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP1
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP2
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP3
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP4
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP5
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP6
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP7
5.3.4-3.3.2
fixed
suse enterprise server 15
5.3.4-3.3.2
fixed
suse enterprise server 15 SP1
5.3.4-3.3.2
fixed
suse enterprise server 15 SP2
5.3.4-3.3.2
fixed
suse enterprise server 15 SP3
5.3.4-3.3.2
fixed
suse enterprise server 15 SP4
5.3.4-3.3.2
fixed
suse enterprise server 15 SP5
5.3.4-3.3.2
fixed
suse enterprise server 15 SP6
5.3.4-3.3.2
fixed
suse enterprise server 15 SP7
5.3.4-3.3.2
fixed
lua53-devel
suse enterprise desktop 15
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP1
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP2
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP3
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP4
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP5
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP6
5.3.4-3.3.2
fixed
suse enterprise desktop 15 SP7
5.3.4-3.3.2
fixed
suse enterprise sap 15
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP1
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP2
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP3
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP4
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP5
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP6
5.3.4-3.3.2
fixed
suse enterprise sap 15 SP7
5.3.4-3.3.2
fixed
suse enterprise server 15
5.3.4-3.3.2
fixed
suse enterprise server 15 SP1
5.3.4-3.3.2
fixed
suse enterprise server 15 SP2
5.3.4-3.3.2
fixed
suse enterprise server 15 SP3
5.3.4-3.3.2
fixed
suse enterprise server 15 SP4
5.3.4-3.3.2
fixed
suse enterprise server 15 SP5
5.3.4-3.3.2
fixed
suse enterprise server 15 SP6
5.3.4-3.3.2
fixed
suse enterprise server 15 SP7
5.3.4-3.3.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
lua
RHEL 8
0:5.3.4-11.el8
fixed
lua-devel
RHEL 8
0:5.3.4-11.el8
fixed
lua-libs
RHEL 8
0:5.3.4-11.el8
fixed
Common Weakness Enumeration
References
http://lua-users.org/lists/lua-l/2019-01/msg00039.html
http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html
https://access.redhat.com/security/cve/cve-2019-6706
https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf
https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e
https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html
http://lua-users.org/lists/lua-l/2019-01/msg00039.html
http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html
https://access.redhat.com/security/cve/cve-2019-6706
https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf
https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e
https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html