JLSEC-2026-553
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-553.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-553.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2026-553
- Upstream
- Published
- 2026-05-26T19:45:06.761Z
- Modified
- 2026-05-26T20:00:07.413845201Z
- Summary
- [none]
- Details
-
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
- Database specific
{ "sources": [ { "id": "CVE-2019-6706", "imported": "2026-05-26T02:05:09.380Z", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-6706", "published": "2019-01-23T19:29:00.447Z", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6706", "modified": "2024-11-21T04:46:59.147Z", "database_specific": { "status": "Modified" } } ], "license": "CC-BY-4.0" }- References
-
- http://lua-users.org/lists/lua-l/2019-01/msg00039.html
- http://lua-users.org/lists/lua-l/2019-01/msg00039.html
- http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html
- http://packetstormsecurity.com/files/151335/Lua-5.3.5-Use-After-Free.html
- https://access.redhat.com/security/cve/cve-2019-6706
- https://access.redhat.com/security/cve/cve-2019-6706
- https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf
- https://github.com/Lua-Project/cve-analysis/blob/a43c9ccd00274b31fa2f24c6c8f20ce36655682d/CVE-2019-6706.pdf
- https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e
- https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e
- https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html
- https://lists.debian.org/debian-lts-announce/2023/06/msg00031.html