CVE-2024-25176

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25176
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gist.github.com/pwnhacker0x18/cd75d01fc7c9b6c85c183fbe5353d276 Third Party Advisory
https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc Patch
https://github.com/LuaJIT/LuaJIT/issues/1149 Exploit Issue Tracking
https://github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfc
https://lists.debian.org/debian-lts-announce/2025/08/msg00022.html
https://github.com/LuaJIT/LuaJIT/issues/1149 Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:luajit:luajit:*:*:*:*:*:*:*:*
History

03 Nov 2025, 19:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/08/msg00022.html -

24 Jul 2025, 16:15

Type Values Removed Values Added
Summary (en) LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c. (en) LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
References
  • () https://github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfc -

17 Jul 2025, 16:01

Type Values Removed Values Added
References () https://gist.github.com/pwnhacker0x18/cd75d01fc7c9b6c85c183fbe5353d276 - () https://gist.github.com/pwnhacker0x18/cd75d01fc7c9b6c85c183fbe5353d276 - Third Party Advisory
References () https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc - () https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc - Patch
References () https://github.com/LuaJIT/LuaJIT/issues/1149 - () https://github.com/LuaJIT/LuaJIT/issues/1149 - Exploit, Issue Tracking
CPE cpe:2.3:a:luajit:luajit:*:*:*:*:*:*:*:*
First Time Luajit luajit
Luajit

08 Jul 2025, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-121
References () https://github.com/LuaJIT/LuaJIT/issues/1149 - () https://github.com/LuaJIT/LuaJIT/issues/1149 -

08 Jul 2025, 16:18

Type Values Removed Values Added
Summary
  • (es) LuaJIT hasta 2.1 tiene un desbordamiento de búfer de pila en lj_strfmt_wfnum en lj_strfmt_num.c.

07 Jul 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-07 17:15

Updated : 2025-11-03 19:15

NVD link : CVE-2024-25176

Mitre link : CVE-2024-25176

CVE.ORG link : CVE-2024-25176

JSON object : View

Products Affected

luajit

  • luajit
CWE
CWE-121

Stack-based Buffer Overflow