Critical severity9.8NVD Advisory· Published Jul 7, 2025· Updated Jun 17, 2026
CVE-2024-25176
CVE-2024-25176
Description
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15- osv-coords12 versionspkg:apk/chainguard/luajitpkg:apk/chainguard/luajit-devpkg:apk/chainguard/luajit-docpkg:apk/wolfi/luajitpkg:apk/wolfi/luajit-devpkg:apk/wolfi/luajit-docpkg:rpm/opensuse/lua51-luajit&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/luajit&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/luajit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/luajit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/luajit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/luajit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7
< 0+ 11 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.1.0~beta2-150000.3.3.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
Patches
Vulnerability mechanics
References
5- github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfcnvdPatch
- github.com/LuaJIT/LuaJIT/issues/1149nvdExploitIssue Tracking
- gist.github.com/pwnhacker0x18/cd75d01fc7c9b6c85c183fbe5353d276nvdThird Party Advisory
- github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfcnvd
- lists.debian.org/debian-lts-announce/2025/08/msg00022.htmlnvd
News mentions
0No linked articles in our index yet.