CVE-2019-19391

Published: Nov 29, 2019 Last Modified: Nov 03, 2025

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

MEDIUM 6,4

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: none

Description

AI Translation Available

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0027

Percentile

0,5th

Updated

EPSS Score Trend (Last 90 Days)

843

Access of Resource Using Incompatible Type ('Type Confusion')

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality

Potential Impacts:

Read Memory Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart

Applicable Platforms

Languages: C, C++

View CWE Details

Application

Moonjit by Moonjit Project

Product Information

Vendor Moonjit Project

Product Moonjit

Version Range Affected

To 2.1.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:moonjit_project:moonjit:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Luajit by Luajit

Product Information

Vendor Luajit

Product Luajit

Version Range Affected

To 2.0.5 (inclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:luajit:luajit:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/LuaJIT/LuaJIT/pull/526

https://lists.debian.org/debian-lts-announce/2025/08/msg000…

https://lists.debian.org/debian-lts-announce/2025/08/msg00022.html

https://github.com/LuaJIT/LuaJIT/pull/526

CVE-2019-19391

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Access of Resource Using Incompatible Type ('Type Confusion')

Common Consequences

Applicable Platforms

Moonjit by Moonjit Project

Product Information

Luajit by Luajit

Product Information

Iscriviti alla newsletter