mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
766 B
766 B
CVE-2019-6706
Description
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
POC
Reference
- http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html
- https://www.exploit-db.com/exploits/46246/