[3.6] lua5.3: use-after-free in lua_upvaluejoin in lapi.c (CVE-2019-6706)
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For
example, a crash outcome might be achieved by an
attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
(from redmine: issue id 10256, created on 2019-04-15, closed on 2019-05-06)
- parent #10251 (closed)
- Revision 01caeea4 by Natanael Copa on 2019-05-06T17:21:50Z:
main/lua5.3: security fix for CVE-2019-6706 fixes #10256 (cherry picked from commit ebd55722b9637f4559c94b13e5e061ffef9fb4a3)