1 results (0.002 seconds)
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19391
https://notcve.org/view.php?id=CVE-2019-19391
29 Nov 2019 — In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no... • https://github.com/LuaJIT/LuaJIT/pull/526 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •