VulnerableCode Package Details - pkg:deb/debian/lua5.3@5.3.3-1.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/lua5.3@5.3.3-1.1

Essentials
History (2)

purl	pkg:deb/debian/lua5.3@5.3.3-1.1

Next non-vulnerable version	5.3.3-1.1+deb11u1
Latest non-vulnerable version	5.3.3-1.1+deb11u1
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-kwvv-s1tz-zucm Aliases: CVE-2019-6706	Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.	5.3.3-1.1+deb11u1 Affected by 0 other vulnerabilities.
VCID-ute6-ecyg-9ffz Aliases: CVE-2020-24370	Integer Underflow (Wrap or Wraparound) `ldebug.c` allows a negation overflow and segmentation fault in `getlocal` and `setlocal`.	5.3.3-1.1+deb11u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:38:38.152693+00:00	Debian Oval Importer	Affected by	VCID-ute6-ecyg-9ffz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:39:17.953043+00:00	Debian Oval Importer	Affected by	VCID-kwvv-s1tz-zucm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0