[3.7] lua5.3: use-after-free in lua_upvaluejoin in lapi.c (CVE-2019-6706)
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For
example, a crash outcome might be achieved by an
attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
(from redmine: issue id 10255, created on 2019-04-15, closed on 2019-05-06)
- parent #10251 (closed)
- Revision fda894f6 by Natanael Copa on 2019-05-06T17:13:58Z:
main/lua5.3: upgrade to 5.3.5 and sec fix CVE-2019-6706 fixes #10255