mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-24 03:24:01 +02:00
0xMarcio
777 B
777 B
CVE-2019-6706
Description
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
POC
Reference
- http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html
- https://www.exploit-db.com/exploits/46246/