179 matches found

CVE
added 2025/07/07 12:0 a.m. · 32 views

CVE-2024-25177

CVE-2024-25177 affects LuaJIT 2.1 and OpenResty luajit2 before 20240314, due to an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS). Several advisories (Debian DLA-4283-1, CBL-Mariner, ALAS related entries) indicate patched packages exist and recommend upgrading l...

7.5 CVSS · 6.2 AI score · 0.01141 EPSS
Exploits 1 · References 5 · Affected Software 1

Debian CVE
added 2025/07/07 12:0 a.m. · 3 views

CVE-2024-25176

LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c...

9.8 CVSS · 5.2 AI score · 0.00691 EPSS
Exploits 1

AlpineLinux
added 2025/07/07 12:0 a.m. · 2 views

CVE-2024-25176

LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c...

9.8 CVSS · 6.6 AI score · 0.00691 EPSS
Exploits 1 · References 5

Vulnrichment
added 2025/07/07 12:0 a.m. · 2 views

CVE-2024-25177

LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS)...

6.3 AI score · 0.01141 EPSS
Exploits 1 · References 4

CNNVD
added 2025/07/07 12:0 a.m. · 1 views

LuaJIT security vulnerability

LuaJIT is an open source just-in-time compiler for the Lua language. A security vulnerability exists in LuaJIT 2.1 and earlier versions, which stems from a stack buffer overflow in the lj_strfmt_wfnum function in lj_strfmt_num.c. The vulnerability is caused by a stack buffer overflow in the...

9.8 CVSS · 6.9 AI score · 0.00691 EPSS
Exploits 1 · References 5

Debian CVE
added 2025/07/07 12:0 a.m. · 3 views

CVE-2024-25177

LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS)...

7.5 CVSS · 6.2 AI score · 0.01141 EPSS
Exploits 1

AlpineLinux
added 2025/07/07 12:0 a.m. · 2 views

CVE-2024-25177

LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS)...

7.5 CVSS · 6.2 AI score · 0.01141 EPSS
Exploits 1 · References 5

Cvelist
added 2025/07/07 12:0 a.m. · 5 views

CVE-2024-25178

LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c...

0.00691 EPSS
Exploits 1 · References 4

Vulnrichment
added 2025/07/07 12:0 a.m. · 2 views

CVE-2024-25178

LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c...

6.1 AI score · 0.00691 EPSS
Exploits 1 · References 4

CVE
added 2025/07/07 12:0 a.m. · 33 views

CVE-2024-25178

CVE-2024-25178 affects LuaJIT 2.1 and OpenResty luajit2 up to the affected ranges, with an out-of-bounds read in the stack-overflow handler (lj_state.c). Connected advisories and Debian/Mariner/Fedora updates confirm patched versions exist (e.g., Debian 11 buster update to 2.1.0~beta3+dfsg-5.3+de...

9.1 CVSS · 6.1 AI score · 0.00691 EPSS
Exploits 1 · References 5 · Affected Software 1

Debian CVE
added 2025/07/07 12:0 a.m. · 3 views

CVE-2024-25178

LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c...

9.1 CVSS · 5.2 AI score · 0.00691 EPSS
Exploits 1

CVE
added 2025/07/07 12:0 a.m. · 37 views

CVE-2024-25176

CVE-2024-25176 affects LuaJIT 2.1 and OpenResty luajit2 builds prior to 2.1-20240626, due to a stack-buffer-overflow in lj_strfmt_wfnum (lj_strfmt_num.c). This can lead to a crash or potentially arbitrary code execution depending on context (as noted in public advisories). A patched version is av...

9.8 CVSS · 6.1 AI score · 0.00691 EPSS
Exploits 1 · References 5 · Affected Software 1

RedhatCVE
added 2025/05/22 8:25 a.m. · 5 views

CVE-2019-19391

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner states that...

9.1 CVSS · 6.9 AI score · 0.00209 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-28637 · Git +1 · Tarantool

Name of the Vulnerable Software and Affected Versions: luajit (affected versions not specified). Description: The software contains a heap-buffer-overflow read issue. The crash state involves lj_buf_ruleb128, lj_bcread, and cpparser. Recommendations: At the moment, there is no information about a...

6.9 AI score
Exploits 0 · References 2

F5 Networks
added 2025/03/24 12:13 a.m. · 24 views

K000150505: LuaJIT vulnerabilities CVE-2019-19391, CVE-2020-15890, CVE-2020-24372

Security Advisory Description CVE-2019-19391 In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled...

9.1 CVSS · 6.9 AI score · 0.00752 EPSS
Exploits 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 17 views

Linux Distros Unpatched Vulnerability : CVE-2020-15890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaJit through 2.1.0-beta3 has an out-of-bounds read because gc handler frame traversal is mishandled. CVE-2020-15890 Note that Nessus relies on the presence of...

7.5 CVSS · 6.7 AI score · 0.00752 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2019-19391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or re...

9.1 CVSS · 7.8 AI score · 0.00209 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/02/05 12:0 a.m. · 2 views

PT-2025-20013 · Git +1 · Tarantool

Name of the Vulnerable Software and Affected Versions: LuaJIT (affected versions not specified). Description: The LuaJIT software contains a heap-buffer-overflow vulnerability. The crash occurs within the lj_strfmt_pushvf function, which is called by err_msgv and lj_err_msg. Recommendations: At the...

6.9 AI score
Exploits 0 · References 2

CVE
added 2024/07/23 12:0 a.m. · 173 views

CVE-2024-39702

OpenResty 1.19.3.1 through 1.25.3.1 contains a HashDoS vulnerability in lj_str_hash.c (string hashing during interning). The issue is limited to the OpenResty fork in openresty/luajit2; LuaJIT/LuaJIT repo is unaffected. Attackers can cause excessive resource usage during proxy operations with cra...

5.9 CVSS · 6.4 AI score · 0.00521 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/07/23 12:0 a.m. · 10 views

CVE-2024-39702

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...

6.7 AI score · 0.00521 EPSS
Exploits 0 · References 1