Vulnerability CVE-2019-6706

Vulnerability Name:

CVE-2019-6706 (CCN-156092)

Assigned:

2019-01-10

Published:

2019-01-10

Updated:

2023-06-23

Summary:

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2019-6706

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: CCN
Type: Nabble Web site
Use after free in debug.upvaluejoin

Source: cve@mitre.org
Type: Exploit, Third Party Advisory, VDB Entry
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
lua-cve20196706-dos(156092)

Source: cve@mitre.org
Type: Exploit, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: Packet Storm Security [01-25-2019]
Lua 5.3.5 Use-After-Free

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-25-2019]

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:lua:lua:5.3.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20196706	V	CVE-2019-6706	2023-06-22
oval:org.opensuse.security:def:7610	P	liblua5_3-5-32bit-5.3.6-3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:747	P	Security update for keepalived (Important)	2022-09-09
oval:org.opensuse.security:def:1391	P	Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3) (Important)	2022-06-29
oval:org.opensuse.security:def:3025	P	binutils-2.32-9.36.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3278	P	libvmtools0-10.3.10-4.12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3290	P	libxslt-tools-1.1.28-17.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:1081	P	Security update for MozillaFirefox (Important) (in QA)	2022-06-28
oval:org.opensuse.security:def:94655	P	liblua5_3-5-32bit-5.3.6-3.6.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:152	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:93803	P	(Important)	2022-05-03
oval:org.opensuse.security:def:447	P	Security update for sphinx (Moderate)	2022-02-20
oval:org.opensuse.security:def:69734	P	Security update for webkit2gtk3 (Important)	2021-10-04
oval:org.opensuse.security:def:51661	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:89691	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61536	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71277	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103346	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96656	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:49188	P	Security update for compat-openssl098 (Low)	2021-09-13
oval:org.opensuse.security:def:47669	P	libSoundTouch0-1.7.1-5.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48125	P	libicu-doc-52.1-8.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47883	P	rzsz-0.12.21~rc-1001.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48196	P	libspice-client-glib-2_0-8-0.33-3.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48094	P	libarchive13-3.1.2-26.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46969	P	ibus-chewing-1.4.14-4.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47967	P	busybox-1.21.1-3.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46983	P	libHX28-3.18-1.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48029	P	groff-1.22.2-5.287 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46968	P	hyper-v-7-13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47104	P	mailx-12.5-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47909	P	unixODBC-2.3.6-7.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47297	P	java-1_8_0-openjdk-1.8.0.131-26.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47923	P	xfsprogs-4.15.0-1.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47908	P	ucode-intel-20180807a-13.35.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47429	P	libvncclient0-0.9.9-16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48044	P	ibus-1.5.13-15.11.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47521	P	update-alternatives-1.18.4-14.216 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48237	P	mailman-2.1.17-3.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:62170	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71911	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100928	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:48369	P	apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70934	P	kernel-firmware-20180416-1.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48461	P	libQt5WebKit5-5.6.1-9.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48609	P	python-pywbem-0.7.0-4.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48823	P	argyllcms-1.6.3-3.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48834	P	gd-32bit-2.1.0-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48907	P	gnome-shell-calendar-3.20.4-77.17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48888	P	typelib-1_0-EvinceDocument-3_0-3.20.1-5.66 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48969	P	typelib-1_0-EvinceDocument-3_0-3.20.2-6.22.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71047	P	libxml2-2-2.9.7-1.30 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:69839	P	Security update for avahi (Moderate)	2021-06-04
oval:org.opensuse.security:def:51723	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:107182	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2553	P	pidgin-plugin-otr-4.0.2-1.61 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2549	P	libvncclient0-0.9.10-4.14.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100516	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49034	P	libreoffice-6.2.7.1-43.56.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116740	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61836	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2029	P	python3-keystoneclient-3.15.0-2.33 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71577	P	liblua5_3-5-32bit-5.3.4-3.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2630	P	Security update for podman (Moderate)	2020-12-02
oval:org.opensuse.security:def:2638	P	Security update for webkit2gtk3 (Moderate)	2020-12-02
oval:org.opensuse.security:def:2559	P	Security update for spice-gtk (Moderate)	2020-12-02
oval:org.opensuse.security:def:2571	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:2585	P	Security update for c-ares (Moderate)	2020-12-02
oval:org.opensuse.security:def:2591	P	Security update for xorg-x11-server (Important)	2020-12-02
oval:org.opensuse.security:def:2600	P	Security update for docker-runc (Moderate)	2020-12-02
oval:org.opensuse.security:def:2624	P	Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate)	2020-12-02
oval:org.opensuse.security:def:2640	P	Security update for libcdio (Low)	2020-12-02
oval:org.opensuse.security:def:49085	P	ecryptfs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50216	P	NetworkManager-lang on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66483	P	liblua5_3-5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49066	P	chrony on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73174	P	liblua5_3-5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50412	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:49212	P	libpcap-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50466	P	Security update for lua53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:67594	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49417	P	libICE6-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67694	P	liblua5_3-5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49563	P	libmpg123-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73056	P	coreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49065	P	ceph-common on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49661	P	libdjvulibre-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49136	P	libICE-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49818	P	blktrace on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64260	P	giflib-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50312	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:64347	P	liblua5_3-5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50056	P	dpdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49134	P	libFS-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50385	P	Security update for libu2f-host (Low)	2020-12-01
oval:org.opensuse.security:def:50281	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:49067	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50146	P	gimp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66391	P	g3utils on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20193706	P	RHSA-2019:3706: lua security and bug fix update (Moderate)	2019-11-05
oval:com.ubuntu.xenial:def:201967060000000	V	CVE-2019-6706 on Ubuntu 16.04 LTS (xenial) - medium.	2019-01-23
oval:com.ubuntu.bionic:def:20196706000	V	CVE-2019-6706 on Ubuntu 18.04 LTS (bionic) - medium.	2019-01-23
oval:com.ubuntu.cosmic:def:20196706000	V	CVE-2019-6706 on Ubuntu 18.10 (cosmic) - medium.	2019-01-23
oval:com.ubuntu.cosmic:def:201967060000000	V	CVE-2019-6706 on Ubuntu 18.10 (cosmic) - medium.	2019-01-23
oval:com.ubuntu.trusty:def:20196706000	V	CVE-2019-6706 on Ubuntu 14.04 LTS (trusty) - medium.	2019-01-23
oval:com.ubuntu.bionic:def:201967060000000	V	CVE-2019-6706 on Ubuntu 18.04 LTS (bionic) - medium.	2019-01-23
oval:com.ubuntu.xenial:def:20196706000	V	CVE-2019-6706 on Ubuntu 16.04 LTS (xenial) - medium.	2019-01-23

BACK