25 matches found
LuaJIT 2.1.1774638290 - Arbitrary Code Execution
-- Exploit Title: LuaJIT 2.1.1774638290 - Arbitrary Code Execution -- Date: 2026-03-29 -- Exploit Author: TaurusOmar -- Vendor Homepage: https://luajit.org/ -- Software Link: https://luajit.org/download.html -- Version: LuaJIT 2.1.1774638290 latest -- Tested on: Linux x86-64 Arch Linux --...
CVE-2026-41196
Luanti (formerly Minetest) has a sandbox escape in LuaJIT affecting versions 5.0.0 through 5.15.1 (prior to 5.15.2). A malicious mod can escape the sandboxed Lua environment and run arbitrary code with full filesystem access on the user’s device, across server-side mods (including async and mapge...
EUVD-2026-23149
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...
CVE-2026-34444
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...
CVE-2026-34444
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...
📄 LuaJIT 2.1.1774638290 Arbitrary Code Execution
LuaJIT's Foreign Function Interface FFI provides unrestricted access to native C functions including syscall, mmap, mprotect and arbitrary shared library loading. When FFI is accessible to untrusted Lua code in embedding scenarios OpenResty, Redis, game engines, IoT, an attacker can achieve...
Linux Distros Unpatched Vulnerability : CVE-2024-25177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IRFSTORE for NULL metatable, which leads to Denial of Service DoS...
SUSE CVE-2024-25178
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the stack-overflow handler in ljstate.c. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Gist - GitHub Issue Credit: Kutyavin Maxim...
DEBIAN-CVE-2024-25177
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IRFSTORE for NULL metatable, which leads to Denial of Service DoS...
DEBIAN-CVE-2024-25178
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...
ALPINE-CVE-2024-25178
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...
AZL-65424 CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...
DEBIAN-CVE-2024-25176
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...
AZL-65535 CVE-2024-25177 affecting package luajit for versions less than 2.1.0-28
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IRFSTORE for NULL metatable, which leads to Denial of Service DoS...
AZL-65370 CVE-2024-25176 affecting package luajit for versions less than 2.1.0-27
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...
UBUNTU-CVE-2024-25176
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the ljstrfmtwfnum function in ljstrfmtnum.c. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Gist - GitHub Issue Credit: Kutyavin Maxim...
SUSE CVE-2020-15890
LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled...
The vulnerability of the `static ptrdiff_t finderrfunc` function in the `src/lj_err.c` file of the LuaJIT compiler, a programming language for Lua. This vulnerability allows an attacker to cause a service failure.
The vulnerability of the static ptrdifft finderrfunc function in the src/ljerr.c file of the LuaJIT compiler for the Lua programming language is related to reading data beyond the allowed buffer size. Exploiting this vulnerability could allow a remote attacker to cause a service failure...