179 matches found
CVE-2024-25176
CVE-2024-25176 affects LuaJIT 2.1 and OpenRusty luajit2 builds prior to 2.1-20240626, due to a stack-buffer-overflow in lj_strfmt_wfnum (lj_strfmt_num.c). This can lead to a crash or potentially arbitrary code execution depending on context (as noted in public advisories). A patched version is av...
CVE-2024-25176
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c...
CVE-2024-25177
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS)...
CVE-2024-25178
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c...
CVE-2024-25177
CVE-2024-25177 affects LuaJIT 2.1 and OpenRusty luajit2 before 20240314, due to an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS). Several advisories (Debian DLA-4283-1, CBL-Mariner, ALAS related entries) indicate patched packages exist and recommend upgrading l...
PT-2025-28210
Name of the Vulnerable Software and Affected Versions: LuaJIT versions 2.1 and earlier Description: The issue is related to a stack-buffer-overflow in the lj_strfmt_wfnum function located in lj_strfmt_num.c. This overflow can potentially lead to exploitation. No information is provided about the...
PT-2025-28212
Name of the Vulnerable Software and Affected Versions: LuaJIT versions prior to 2.1 Description: The issue is an out-of-bounds read in the stack-overflow handler in lj_state.c. Recommendations: For versions prior to 2.1, update to a version that contains a fix for this issue...
PT-2025-28211
Name of the Vulnerable Software and Affected Versions: LuaJIT versions through 2.1 Description: LuaJIT is susceptible to a denial-of-service (DoS) condition due to an unsinking of IR_FSTORE for a NULL metatable. Recommendations: Update LuaJIT to a version later than 2.1...
CVE-2019-19391
In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner states that...
PT-2025-28637 · Git +1 · Tarantool
Name of the Vulnerable Software and Affected Versions: luajit (affected versions not specified) Description: The software contains a heap-buffer-overflow read issue. The crash state involves lj_buf_ruleb128, lj_bcread, and cpparser. Recommendations: At the moment, there is no information about a...
K000150505: LuaJIT vulnerabilities CVE-2019-19391, CVE-2020-15890, CVE-2020-24372
Security Advisory Description CVE-2019-19391 In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled...
Linux Distros Unpatched Vulnerability : CVE-2019-19391
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or re...
Linux Distros Unpatched Vulnerability : CVE-2020-15890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. (CVE-2020-15890) Note that Nessus relies on the presence of...
PT-2025-20013 · Git +1 · Tarantool
Name of the Vulnerable Software and Affected Versions: LuaJIT (affected versions not specified) Description: The LuaJIT software contains a heap-buffer-overflow vulnerability. The crash occurs within the lj_strfmt_pushvf function, which is called by err_msgv and lj_err_msg. Recommendations: At the...
CVE-2024-39702
In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...
CVE-2024-39702
OpenResty 1.19.3.1 through 1.25.3.1 contains a HashDoS vulnerability in lj_str_hash.c (string hashing during interning). The issue is limited to the OpenResty fork in openresty/luajit2; LuaJIT/LuaJIT repo is unaffected. Attackers can cause excessive resource usage during proxy operations with cra...