{"id":"CVE-2019-6706","details":"Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.","modified":"2026-03-14T09:37:35.521571Z","published":"2019-01-23T19:29:00.447Z","related":["ALSA-2019:3706","CGA-p894-q47q-gr8g","SUSE-SU-2019:0247-1","openSUSE-SU-2019:0175-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html"},{"type":"WEB","url":"http://lua-users.org/lists/lua-l/2019-01/msg00039.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/cve-2019-6706"},{"type":"FIX","url":"https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e"},{"type":"EVIDENCE","url":"https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lua/lua","events":[{"introduced":"0"},{"last_affected":"063d4e4543088e7a21965bda8ee5a0f952a9029e"},{"fixed":"89aee84cbc9224f638f3b7951b306d2ee8ecb71e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.3.5"}]}}],"versions":["v1.2","v2.1","v2.2","v2.3-beta","v2.4","v2.4-beta","v2.5","v2.5-beta","v2.5.1","v3.0","v3.0-alpha","v3.1","v3.1-alpha","v3.2","v3.2-beta","v4.0","v4.0-alpha","v4.0-beta","v4.1-alpha","v5.0","v5.0-alpha","v5.0-beta","v5.1","v5.1-alpha","v5.1-beta","v5.1.1","v5.2-alpha","v5.2-beta","v5.2.0","v5.2.1","v5.2.2","v5.3-alpha","v5.3-beta","v5.3.0","v5.3.1","v5.3.2","v5.3.3","v5.3.4","v5.3.5"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6706.json","vanir_signatures":[{"digest":{"function_hash":"45231132265163223636532311818292060392","length":408},"source":"https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2019-6706-00032def","target":{"file":"lapi.c","function":"getupvalref"}},{"digest":{"function_hash":"168654682806415888564868502854858233475","length":468},"source":"https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2019-6706-264b1e53","target":{"file":"lapi.c","function":"lua_upvalueid"}},{"digest":{"function_hash":"336886739732523367635662810366732805781","length":392},"source":"https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2019-6706-ad2906b9","target":{"file":"lapi.c","function":"lua_upvaluejoin"}},{"digest":{"threshold":0.9,"line_hashes":["114280754343182667492310544413047257523","135797660772714151558304634952356559189","324426448145863171687706490342891370242","158464887736040735811625781411603539517","109284068507191940525491597714252165763","17353900652863108361291584574332551664","73243341667893678318317837601477420919","184943886777344493192408412618803260479","92936929984927184471054474271540256660","315317082330350668532734840438847734449","232247388784538711332203219499193690964","238016185841859018970600644226169544163","212682399206584147756393191489144751679","265234325060766264020411529438170302368","316472907546906173177633520659052112636","211225411100249201500195271735977703457","105626001136622936431389132883094094572","215722041084154120534485317323045511353","69590894200313878133321429160581940638","104367335793266688094676634691058216743"]},"source":"https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2019-6706-e7916afb","target":{"file":"lapi.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}