[3.9] lua5.3: use-after-free in lua_upvaluejoin in lapi.c (CVE-2019-6706)
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For
example, a crash outcome might be achieved by an
attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
(from redmine: issue id 10253, created on 2019-04-15, closed on 2019-05-06)
- parent #10251 (closed)
- Revision ebd55722 by Natanael Copa on 2019-05-06T17:07:51Z:
main/lua5.3: security fix for CVE-2019-6706 fixes #10253