{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92483?format=json","vulnerability_id":"VCID-kwvv-s1tz-zucm","summary":"Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.","aliases":[{"alias":"CVE-2019-6706"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115461?format=json","purl":"pkg:deb/debian/lua50@0?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua50@0%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/115460?format=json","purl":"pkg:deb/debian/lua50@5.0.3-8.1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua50@5.0.3-8.1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/115435?format=json","purl":"pkg:deb/debian/lua5.1@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115432?format=json","purl":"pkg:deb/debian/lua5.1@5.1.5-8.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-8.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115430?format=json","purl":"pkg:deb/debian/lua5.1@5.1.5-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115434?format=json","purl":"pkg:deb/debian/lua5.1@5.1.5-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115433?format=json","purl":"pkg:deb/debian/lua5.1@5.1.5-12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.1@5.1.5-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115441?format=json","purl":"pkg:deb/debian/lua5.2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115439?format=json","purl":"pkg:deb/debian/lua5.2@5.2.4-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115437?format=json","purl":"pkg:deb/debian/lua5.2@5.2.4-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115440?format=json","purl":"pkg:deb/debian/lua5.2@5.2.4-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.2@5.2.4-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115445?format=json","purl":"pkg:deb/debian/lua5.3@5.3.3-1.1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.3-1.1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115444?format=json","purl":"pkg:deb/debian/lua5.3@5.3.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115443?format=json","purl":"pkg:deb/debian/lua5.3@5.3.6-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/115446?format=json","purl":"pkg:deb/debian/lua5.3@5.3.6-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lua5.3@5.3.6-3%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146011?format=json","purl":"pkg:rpm/redhat/lua@5.3.4-11?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kwvv-s1tz-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/lua@5.3.4-11%3Farch=el8"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6706.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6706.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6706","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76093","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6706"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670019","reference_id":"1670019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670019"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920321","reference_id":"920321","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920321"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46246.txt","reference_id":"CVE-2019-6706","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/46246.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3706","reference_id":"RHSA-2019:3706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3706"}],"weaknesses":[{"cwe_id":416,"name":"Use After Free","description":"Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code."}],"exploits":[{"date_added":"2019-01-25","description":"Lua 5.3.5 - 'debug.upvaluejoin' Use After Free","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":false,"source_date_published":"2019-01-25","exploit_type":"dos","platform":"multiple","source_date_updated":"2019-01-25","data_source":"Exploit-DB","source_url":""}],"severity_range_score":"7.5 - 7.5","exploitability":"0.5","weighted_severity":"6.8","risk_score":3.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwvv-s1tz-zucm"}