CVE-2024-25176
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-25176
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25176.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-25176
- Downstream
- Related
- Published
- 2025-07-07T17:15:27Z
- Modified
- 2025-08-26T01:18:47.148561Z
- Summary
- [none]
- Details
-
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c.
- References
-
- https://gist.github.com/pwnhacker0x18/cd75d01fc7c9b6c85c183fbe5353d276
- https://github.com/LuaJIT/LuaJIT/issues/1149
- https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc
- https://github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfc
- https://security-tracker.debian.org/tracker/CVE-2024-25176
Affected packages
Debian:11 / luajit
Package
- Name
- luajit
- Purl
- pkg:deb/debian/luajit?arch=source
Debian:12 / luajit
Package
- Name
- luajit
- Purl
- pkg:deb/debian/luajit?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.1.0~beta3+git20220320+dfsg-4.1
2.1.0+git20231223.c525bcb+dfsg-1
2.1.0+openresty20231117-1
2.1.0+openresty20231117-2
2.1.0+openresty20240314-1
2.1.0+openresty20240626-1
2.1.0+openresty20240815-1
2.1.0+openresty20240815-1.1
2.1.0+openresty20240815-1.2
2.1.0+openresty20241113-1
2.1.0+openresty20241113-2
2.1.0+openresty20241113-3
2.1.0+openresty20250117-1
2.1.0+openresty20250117-2
2.1.0+openresty20250117-2+hurd.1
Debian:13 / luajit
Package
- Name
- luajit
- Purl
- pkg:deb/debian/luajit?arch=source
Debian:14 / luajit
Package
- Name
- luajit
- Purl
- pkg:deb/debian/luajit?arch=source
Git / github.com/luajit/luajit
Affected ranges
- Type
- GIT
- Repo
- https://github.com/luajit/luajit
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/openresty/luajit2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v2.*
v2.0.0
v2.0.0-beta1
v2.0.0-beta10
v2.0.0-beta11
v2.0.0-beta2
v2.0.0-beta2-hotfix2
v2.0.0-beta3
v2.0.0-beta4
v2.0.0-beta5
v2.0.0-beta6
v2.0.0-beta7
v2.0.0-beta8
v2.0.0-beta8-fixed
v2.0.0-beta9
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.1
v2.0.1-fixed
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.ROLLING
v2.1.0-beta1
v2.1.0-beta2
v2.1.0-beta3
v2.1.ROLLING