ID CVE-2019-6706
Summary Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
References
Vulnerable Configurations
  • cpe:2.3:a:lua:lua:5.3.5:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 06-11-2019 - 01:15)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access: Vector NETWORK, Complexity LOW, Authentication NONE
Impact: Confidentiality NONE, Integrity NONE, Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1670019
title CVE-2019-6706 lua: use-after-free in lua_upvaluejoin in lapi.c resulting in denial of service
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment lua is earlier than 0:5.3.4-11.el8
          oval oval:com.redhat.rhsa:tst:20193706001
        • comment lua is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193706002
      • AND
        • comment lua-debugsource is earlier than 0:5.3.4-11.el8
          oval oval:com.redhat.rhsa:tst:20193706003
        • comment lua-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193706004
      • AND
        • comment lua-devel is earlier than 0:5.3.4-11.el8
          oval oval:com.redhat.rhsa:tst:20193706005
        • comment lua-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193706006
      • AND
        • comment lua-libs is earlier than 0:5.3.4-11.el8
          oval oval:com.redhat.rhsa:tst:20193706007
        • comment lua-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193706008
rhsa
id RHSA-2019:3706
released 2019-11-05
severity Moderate
title RHSA-2019:3706: lua security and bug fix update (Moderate)
rpms
  • lua-0:5.3.4-11.el8
  • lua-debuginfo-0:5.3.4-11.el8
  • lua-debugsource-0:5.3.4-11.el8
  • lua-devel-0:5.3.4-11.el8
  • lua-libs-0:5.3.4-11.el8
  • lua-libs-debuginfo-0:5.3.4-11.el8
refmap via4
exploit-db 46246
misc http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
ubuntu USN-3941-1
Last major update 06-11-2019 - 01:15
Published 23-01-2019 - 19:29
Last modified 06-11-2019 - 01:15