Is CVE-2019-6706 in Lua 5.4 fixed?

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: Is CVE-2019-6706 in Lua 5.4 fixed?
• From: jakub.kulik@...
• Date: 2020年7月20日 13:01:18 +0200

---

Hi

I was recently investigating the state of CVE-2019-6706, and it seems that while this was fixed in 5.3 branch [1], it was not forward-ported to 5.4. Is that the case or am I missing some other change that makes this nonissue?

Best Regards,
Jakub

[1] https://github.com/lua/lua/commit/89aee84cbc9224f638f3b7951b306d2ee8ecb71e [CVE-2019-6706 discussion] http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html

---

• Follow-Ups:
  • Re: Is CVE-2019-6706 in Lua 5.4 fixed?, Luiz Henrique de Figueiredo

• Prev by Date: A tricky way to determine Lua version (updated)
• Next by Date: Re: Is CVE-2019-6706 in Lua 5.4 fixed?
• Previous by thread: Re: A tricky way to determine Lua version (updated)
• Next by thread: Re: Is CVE-2019-6706 in Lua 5.4 fixed?
• Index(es):
  • Date
  • Thread