Lucene search
K

26 matches found

OSV
OSV
added 2026/06/18 9:28 p.m.5 views

MGASA-2026-0225 Updated luajit packages fix security vulnerabilities

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. CVE-2019-19391 LuaJIT through 2.1.0-beta3 h...

9.8CVSS6.9AI score0.01469EPSS
Exploits4References4
Exploit DB
Exploit DB
added 2026/05/07 12:0 a.m.76 views

LuaJIT 2.1.1774638290 - Arbitrary Code Execution

-- Exploit Title: LuaJIT 2.1.1774638290 - Arbitrary Code Execution -- Date: 2026-03-29 -- Exploit Author: TaurusOmar -- Vendor Homepage: https://luajit.org/ -- Software Link: https://luajit.org/download.html -- Version: LuaJIT 2.1.1774638290 latest -- Tested on: Linux x86-64 Arch Linux --...

5.8AI score
Exploits0
CVE
CVE
added 2026/04/23 12:28 a.m.54 views

CVE-2026-41196

Luanti (formerly Minetest) has a sandbox escape in LuaJIT affecting versions 5.0.0 through 5.15.1 (prior to 5.15.2). A malicious mod can escape the sandboxed Lua environment and run arbitrary code with full filesystem access on the user’s device, across server-side mods (including async and mapge...

10CVSS6.2AI score0.00374EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/16 12:51 a.m.7 views

EUVD-2026-23149

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod...

9.3CVSS5.8AI score0.00182EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/06 4:16 p.m.3 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6AI score0.00613EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/06 3:30 p.m.3 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS5.8AI score0.00613EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/03/30 12:0 a.m.111 views

📄 LuaJIT 2.1.1774638290 Arbitrary Code Execution

LuaJIT's Foreign Function Interface FFI provides unrestricted access to native C functions including syscall, mmap, mprotect and arbitrary shared library loading. When FFI is accessible to untrusted Lua code in embedding scenarios OpenResty, Redis, game engines, IoT, an attacker can achieve...

6.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-25177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IRFSTORE for NULL metatable, which leads to Denial of Service DoS...

7.5CVSS6.4AI score0.00455EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/07/08 11:54 p.m.4 views

SUSE CVE-2024-25178

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...

3.3CVSS6.8AI score0.00536EPSS
Exploits1References5
Snyk
Snyk
added 2025/07/07 5:41 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the stack-overflow handler in ljstate.c. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Gist - GitHub Issue Credit: Kutyavin Maxim...

9.1CVSS6.9AI score0.00536EPSS
Exploits1References2
OSV
OSV
added 2025/07/07 5:15 p.m.7 views

AZL-65424 CVE-2024-25178 affecting package sysbench for versions less than 1.0.20-6

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...

9.1CVSS5.8AI score0.00536EPSS
Exploits1References1
OSV
OSV
added 2025/07/07 5:15 p.m.4 views

DEBIAN-CVE-2024-25178

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...

9.1CVSS5.3AI score0.00536EPSS
Exploits1References1
OSV
OSV
added 2025/07/07 5:15 p.m.9 views

AZL-65535 CVE-2024-25177 affecting package luajit for versions less than 2.1.0-28

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IRFSTORE for NULL metatable, which leads to Denial of Service DoS...

7.5CVSS5.7AI score0.00455EPSS
Exploits1References1
OSV
OSV
added 2025/07/07 5:15 p.m.2 views

DEBIAN-CVE-2024-25176

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...

9.8CVSS5.3AI score0.00483EPSS
Exploits1References1
OSV
OSV
added 2025/07/07 5:15 p.m.5 views

ALPINE-CVE-2024-25178

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...

9.1CVSS7AI score0.00536EPSS
Exploits1References1
OSV
OSV
added 2025/07/07 5:15 p.m.8 views

AZL-65370 CVE-2024-25176 affecting package luajit for versions less than 2.1.0-27

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...

9.8CVSS5.8AI score0.00483EPSS
Exploits1References1
OSV
OSV
added 2025/07/07 5:15 p.m.3 views

DEBIAN-CVE-2024-25177

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IRFSTORE for NULL metatable, which leads to Denial of Service DoS...

7.5CVSS6.2AI score0.00455EPSS
Exploits1References1
OSV
OSV
added 2025/07/07 5:15 p.m.7 views

UBUNTU-CVE-2024-25176

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...

9.8CVSS5.8AI score0.00483EPSS
Exploits1References5
Snyk
Snyk
added 2025/07/07 4:45 p.m.2 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the ljstrfmtwfnum function in ljstrfmtnum.c. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Gist - GitHub Issue Credit: Kutyavin Maxim...

9.8CVSS7AI score0.00483EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15890

LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled...

7.5CVSS7AI score0.02862EPSS
Exploits1References3
Rows per page
Query Builder