CVE-2024-25176

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-25176

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25176.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-25176

Downstream

ALPINE-CVE-2024-25176

BELL-CVE-2024-25176

DEBIAN-CVE-2024-25176

DLA-4283-1

ECHO-0c63-8fb4-89c9

MINI-rmq7-986g-jrjf

SUSE-SU-2025:02886-1

SUSE-SU-2025:03378-1

UBUNTU-CVE-2024-25176

Related

Published

2025-07-07T17:15:27.247Z

Modified

2026-04-02T10:08:20.802665Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c.

References

Affected packages

Git / github.com/luajit/luajit

Affected ranges

Type

GIT

Repo

https://github.com/luajit/luajit

Events

Introduced

Last affected

2090842410e0ba6f81fad310a77bf5432488249a

Fixed

343ce0edaf3906a62022936175b2f5410024cbfc

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1"
        }
    ]
}

Type: GIT
Repo: https://github.com/openresty/luajit2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

343ce0edaf3906a62022936175b2f5410024cbfc

Affected versions

v2.*

v2.0.0

v2.0.0-beta1

v2.0.0-beta10

v2.0.0-beta11

v2.0.0-beta2

v2.0.0-beta2-hotfix2

v2.0.0-beta3

v2.0.0-beta4

v2.0.0-beta5

v2.0.0-beta6

v2.0.0-beta7

v2.0.0-beta8

v2.0.0-beta8-fixed

v2.0.0-beta9

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.1

v2.0.1-fixed

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.ROLLING

v2.1-11182013

v2.1-11252013

v2.1-12032013

v2.1-20131211

v2.1-20131219

v2.1-20140101

v2.1-20140109

v2.1-20140129

v2.1-20140204

v2.1-20140207

v2.1-20140228

v2.1-20140304

v2.1-20140305

v2.1-20140313

v2.1-20140320

v2.1-20140325

v2.1-20140330

v2.1-20140401

v2.1-20140403

v2.1-20140411

v2.1-20140419

v2.1-20140423

v2.1-20140513

v2.1-20140515

v2.1-20140515-2

v2.1-20140520

v2.1-20140529

v2.1-20140531

v2.1-20140607

v2.1-20140627

v2.1-20140703

v2.1-20140707

v2.1-20140731

v2.1-20140805

v2.1-20140920

v2.1-20141024

v2.1-20141115

v2.1-20141128

v2.1-20150120

v2.1-20150218

v2.1-20150223

v2.1-20150331

v2.1-20150622

v2.1-20151028

v2.1-20151205

v2.1-20151219

v2.1-20160108

v2.1-20160514

v2.1-20160516

v2.1-20160517

v2.1-20161104

v2.1-20170405

v2.1-20170513

v2.1-20170517

v2.1-20170808

v2.1-20170925

v2.1-20171103

v2.1-20180419

v2.1-20180420

v2.1-20181029

v2.1-20190115

v2.1-20190130

v2.1-20190131

v2.1-20190221

v2.1-20190228

v2.1-20190302

v2.1-20190329

v2.1-20190507

v2.1-20190530

v2.1-20190626

v2.1-20190912

v2.1-20200102

v2.1-20201001

v2.1-20201002

v2.1-20201008

v2.1-20201012

v2.1-20201012-2

v2.1-20201027

v2.1-20201229

v2.1-20210510

v2.1-20210510.1

v2.1-20211210

v2.1-20220111

v2.1-20220309

v2.1-20220310

v2.1-20220411

v2.1-20220915

v2.1-20230119

v2.1-20230410

v2.1-20230410.1

v2.1-20230911

v2.1-20231006

v2.1-20231021

v2.1-20231117

v2.1-20231117.1

v2.1.0-beta1

v2.1.0-beta2

v2.1.0-beta3

v2.1.ROLLING

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25176.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "luajit2"
            },
            {
                "fixed": "v2.1-20240626"
            }
        ]
    }
]

vanir_signatures

[
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "184377265502471948946011847305557628028",
                "126985615680567155763244816895876325150",
                "256480103875299304460977140873185636357",
                "150376957051957027109142554037398449154"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfc",
        "id": "CVE-2024-25176-19801fc3",
        "target": {
            "file": "src/lj_strfmt_num.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "184377265502471948946011847305557628028",
                "126985615680567155763244816895876325150",
                "256480103875299304460977140873185636357",
                "150376957051957027109142554037398449154"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/luajit/luajit/commit/343ce0edaf3906a62022936175b2f5410024cbfc",
        "id": "CVE-2024-25176-a4706ff3",
        "target": {
            "file": "src/lj_strfmt_num.c"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "38540755679721982889331743041600852543",
            "length": 9111.0
        },
        "source": "https://github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfc",
        "id": "CVE-2024-25176-da55b03f",
        "target": {
            "file": "src/lj_strfmt_num.c",
            "function": "lj_strfmt_wfnum"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "38540755679721982889331743041600852543",
            "length": 9111.0
        },
        "source": "https://github.com/luajit/luajit/commit/343ce0edaf3906a62022936175b2f5410024cbfc",
        "id": "CVE-2024-25176-e6c324de",
        "target": {
            "file": "src/lj_strfmt_num.c",
            "function": "lj_strfmt_wfnum"
        }
    }
]