179 matches found

CVE
added 2025/07/07 12:0 a.m. · 47 views

CVE-2024-25176

CVE-2024-25176 affects LuaJIT 2.1 and OpenRusty luajit2 builds prior to 2.1-20240626, due to a stack-buffer-overflow in lj_strfmt_wfnum (lj_strfmt_num.c). This can lead to a crash or potentially arbitrary code execution depending on context (as noted in public advisories). A patched version is av...

9.8 CVSS · 6.1 AI score · 0.00483 EPSS
Exploits 1 · References 5 · Affected Software 1
Debian CVE
added 2025/07/07 12:0 a.m. · 3 views

CVE-2024-25176

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c...

9.8 CVSS · 5.2 AI score · 0.00483 EPSS
Exploits 1
Debian CVE
added 2025/07/07 12:0 a.m. · 3 views

CVE-2024-25177

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS)...

7.5 CVSS · 6.2 AI score · 0.00455 EPSS
Exploits 1
Debian CVE
added 2025/07/07 12:0 a.m. · 3 views

CVE-2024-25178

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c...

9.1 CVSS · 5.2 AI score · 0.00536 EPSS
Exploits 1
Vulnrichment
added 2025/07/07 12:0 a.m. · 2 views

CVE-2024-25177

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS)...

6.3 AI score · 0.00455 EPSS
Exploits 1 · References 4
CVE
added 2025/07/07 12:0 a.m. · 43 views

CVE-2024-25177

CVE-2024-25177 affects LuaJIT 2.1 and OpenRusty luajit2 before 20240314, due to an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS). Several advisories (Debian DLA-4283-1, CBL-Mariner, ALAS related entries) indicate patched packages exist and recommend upgrading l...

7.5 CVSS · 6.2 AI score · 0.00455 EPSS
Exploits 1 · References 5 · Affected Software 1
AlpineLinux
added 2025/07/07 12:0 a.m. · 3 views

CVE-2024-25177

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS)...

7.5 CVSS · 6.2 AI score · 0.00455 EPSS
Exploits 1 · References 5
AlpineLinux
added 2025/07/07 12:0 a.m. · 5 views

CVE-2024-25178

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c...

9.1 CVSS · 6.6 AI score · 0.00536 EPSS
Exploits 1 · References 5
AlpineLinux
added 2025/07/07 12:0 a.m. · 4 views

CVE-2024-25176

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c...

9.8 CVSS · 6.6 AI score · 0.00483 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/07/07 12:0 a.m. · 4 views

PT-2025-28210

Name of the Vulnerable Software and Affected Versions: LuaJIT versions 2.1 and earlier Description: The issue is related to a stack-buffer-overflow in the lj_strfmt_wfnum function located in lj_strfmt_num.c. This overflow can potentially lead to exploitation. No information is provided about the...

9.8 CVSS · 7.5 AI score · 0.02862 EPSS
Exploits 5 · References 33
Positive Technologies
added 2025/07/07 12:0 a.m. · 6 views

PT-2025-28212

Name of the Vulnerable Software and Affected Versions: LuaJIT versions prior to 2.1 Description: The issue is an out-of-bounds read in the stack-overflow handler in lj_state.c. Recommendations: For versions prior to 2.1, update to a version that contains a fix for this issue...

9.8 CVSS · 7.5 AI score · 0.02862 EPSS
Exploits 5 · References 33
Positive Technologies
added 2025/07/07 12:0 a.m. · 4 views

PT-2025-28211

Name of the Vulnerable Software and Affected Versions: LuaJIT versions through 2.1 Description: LuaJIT is susceptible to a denial-of-service (DoS) condition due to an unsinking of IR_FSTORE for a NULL metatable. Recommendations: Update LuaJIT to a version later than 2.1...

9.8 CVSS · 7.3 AI score · 0.02862 EPSS
Exploits 5 · References 33
RedhatCVE
added 2025/05/22 8:25 a.m. · 6 views

CVE-2019-19391

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner states that...

9.1 CVSS · 6.9 AI score · 0.0133 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/04/08 12:0 a.m. · 4 views

PT-2025-28637 · Git +1 · Tarantool

Name of the Vulnerable Software and Affected Versions: luajit affected versions not specified Description: The software contains a heap-buffer-overflow read issue. The crash state involves lj_buf_ruleb128, lj_bcread, and cpparser. Recommendations: At the moment, there is no information about a...

6.9 AI score
Exploits 0 · References 2
F5 Networks
added 2025/03/24 12:13 a.m. · 28 views

K000150505: LuaJIT vulnerabilities CVE-2019-19391, CVE-2020-15890, CVE-2020-24372

Security Advisory Description CVE-2019-19391 In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled...

9.1 CVSS · 6.9 AI score · 0.02862 EPSS
Exploits 2
Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2019-19391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or re...

9.1 CVSS · 7.8 AI score · 0.0133 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/03/04 12:0 a.m. · 19 views

Linux Distros Unpatched Vulnerability : CVE-2020-15890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. (CVE-2020-15890) Note that Nessus relies on the presence of...

7.5 CVSS · 6.7 AI score · 0.02862 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/02/05 12:0 a.m. · 3 views

PT-2025-20013 · Git +1 · Tarantool

Name of the Vulnerable Software and Affected Versions: LuaJIT affected versions not specified Description: The LuaJIT software contains a heap-buffer-overflow vulnerability. The crash occurs within the lj_strfmt_pushvf function, which is called by err_msgv and lj_err_msg. Recommendations: At the...

6.9 AI score
Exploits 0 · References 2
Vulnrichment
added 2024/07/23 12:0 a.m. · 11 views

CVE-2024-39702

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function used during string interning allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...

6.7 AI score · 0.00556 EPSS
Exploits 0 · References 1
CVE
added 2024/07/23 12:0 a.m. · 202 views

CVE-2024-39702

OpenResty 1.19.3.1 through 1.25.3.1 contains a HashDoS vulnerability in lj_str_hash.c (string hashing during interning). The issue is limited to the OpenResty fork in openresty/luajit2; LuaJIT/LuaJIT repo is unaffected. Attackers can cause excessive resource usage during proxy operations with cra...

5.9 CVSS · 6.4 AI score · 0.00556 EPSS
Exploits 0 · References 1 · Affected Software 1