lua5.3: use-after-free in lua_upvaluejoin in lapi.c (CVE-2019-6706)
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For
example, a crash outcome might be achieved by an
attacker who is able to trigger a debug.upvaluejoin call in which the
arguments have certain relationships.
References:
http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
https://security-tracker.debian.org/tracker/CVE-2019-6706
(from redmine: issue id 10251, created on 2019-04-15, closed on 2019-05-06)
- Relations:
- child #10252 (closed)
- child #10253 (closed)
- child #10254 (closed)
- child #10255 (closed)
- child #10256 (closed)
- child #10264 (closed)