Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kwvv-s1tz-zucm

Summary Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.

Aliases

alias	CVE-2019-6706

Fixed_packages

url	pkg:deb/debian/lua50@0?distro=bullseye
purl	pkg:deb/debian/lua50@0?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua50@0%3Fdistro=bullseye

url	pkg:deb/debian/lua50@5.0.3-8.1?distro=bullseye
purl	pkg:deb/debian/lua50@5.0.3-8.1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua50@5.0.3-8.1%3Fdistro=bullseye

url	pkg:deb/debian/lua5.1@0?distro=trixie
purl	pkg:deb/debian/lua5.1@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@0%3Fdistro=trixie

url	pkg:deb/debian/lua5.1@5.1.5-8.1?distro=trixie
purl	pkg:deb/debian/lua5.1@5.1.5-8.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-8.1%3Fdistro=trixie

url	pkg:deb/debian/lua5.1@5.1.5-9?distro=trixie
purl	pkg:deb/debian/lua5.1@5.1.5-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-9%3Fdistro=trixie

url	pkg:deb/debian/lua5.1@5.1.5-11?distro=trixie
purl	pkg:deb/debian/lua5.1@5.1.5-11?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-11%3Fdistro=trixie

url	pkg:deb/debian/lua5.1@5.1.5-12?distro=trixie
purl	pkg:deb/debian/lua5.1@5.1.5-12?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-12%3Fdistro=trixie

url	pkg:deb/debian/lua5.2@0?distro=trixie
purl	pkg:deb/debian/lua5.2@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@0%3Fdistro=trixie

url	pkg:deb/debian/lua5.2@5.2.4-1.1?distro=trixie
purl	pkg:deb/debian/lua5.2@5.2.4-1.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-1.1%3Fdistro=trixie

url	pkg:deb/debian/lua5.2@5.2.4-3?distro=trixie
purl	pkg:deb/debian/lua5.2@5.2.4-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-3%3Fdistro=trixie

url	pkg:deb/debian/lua5.2@5.2.4-4?distro=trixie
purl	pkg:deb/debian/lua5.2@5.2.4-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-4%3Fdistro=trixie

url	pkg:deb/debian/lua5.3@5.3.3-1.1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/lua5.3@5.3.3-1.1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.3-1.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/lua5.3@5.3.6-1?distro=trixie
purl	pkg:deb/debian/lua5.3@5.3.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-1%3Fdistro=trixie

url	pkg:deb/debian/lua5.3@5.3.6-2?distro=trixie
purl	pkg:deb/debian/lua5.3@5.3.6-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-2%3Fdistro=trixie

url	pkg:deb/debian/lua5.3@5.3.6-3?distro=trixie
purl	pkg:deb/debian/lua5.3@5.3.6-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-3%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/lua@5.3.4-11?arch=el8

purl pkg:rpm/redhat/lua@5.3.4-11?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kwvv-s1tz-zucm

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/lua@5.3.4-11%3Farch=el8

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6706.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6706.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6706

reference_id

reference_type

scores

value	0.00904
scoring_system	epss
scoring_elements	0.76093
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6706

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1670019
reference_id	1670019
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1670019

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920321
reference_id	920321
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920321

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46246.txt
reference_id	CVE-2019-6706
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46246.txt

reference_url	https://access.redhat.com/errata/RHSA-2019:3706
reference_id	RHSA-2019:3706
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3706

Weaknesses

cwe_id	416
name	Use After Free
description	Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Exploits

date_added	2019-01-25
description	Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`false`
source_date_published	2019-01-25
exploit_type	dos
platform	multiple
source_date_updated	2019-01-25
data_source	Exploit-DB
source_url

Severity_range_score 7.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwvv-s1tz-zucm

Vulnerability Instance