Critical severity9.1NVD Advisory· Published Jul 7, 2025· Updated Jun 17, 2026
CVE-2024-25178
CVE-2024-25178
Description
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15- osv-coords12 versionspkg:apk/chainguard/luajitpkg:apk/chainguard/luajit-devpkg:apk/chainguard/luajit-docpkg:apk/wolfi/luajitpkg:apk/wolfi/luajit-devpkg:apk/wolfi/luajit-docpkg:rpm/opensuse/lua51-luajit&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/luajit&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/luajit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/luajit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/luajit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/luajit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7
< 0+ 11 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.1.0~beta2-150000.3.3.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
- (no CPE)range: < 2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
Patches
Vulnerability mechanics
References
5- github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8nvdPatch
- github.com/LuaJIT/LuaJIT/issues/1152nvdExploitIssue Tracking
- gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8nvdThird Party Advisory
- github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8nvd
- lists.debian.org/debian-lts-announce/2025/08/msg00022.htmlnvd
News mentions
0No linked articles in our index yet.