How severe is CVE-2019-19391?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2019-19391?

This is classified as CWE-843, which is a common weakness in software security.

CVE-2019-19391 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective

Related Vulnerabilities

CVE-2020-5754

CRITICAL

CVSS:9.1(Critical)

Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of t...

CWE-8432020

CVE-2021-46743

CRITICAL

CVSS:9.1(Critical)

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attack...

CWE-8432021

CVE-2024-54507

CRITICAL

CVSS:9.1(Critical)

A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An attacker with user privileges may be able to read kernel mem...

CWE-8432024

CVE-2019-5183

CRITICAL

CVSS:9.0(Critical)

An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type co...

CWE-8432019

CVE-2024-38219

CRITICAL

CVSS:9.0(Critical)

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CWE-8432024

CVE-2024-4058

CRITICAL

CVSS:9.0(Critical)

Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CWE-8432024