CVE-2024-25178

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-25178

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25178.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-25178

Downstream

ALPINE-CVE-2024-25178

AZL-65373

AZL-65391

AZL-65424

BELL-CVE-2024-25178

DEBIAN-CVE-2024-25178

DLA-4283-1

ECHO-6f63-3619-1ec8

MINI-q472-g4c2-wm6p

SUSE-SU-2025:02886-1

SUSE-SU-2025:03378-1

UBUNTU-CVE-2024-25178

Related

Published

2025-07-07T00:00:00Z

Modified

2026-05-18T05:57:44.584848130Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25178.json",
    "cna_assigner": "mitre"
}

References

Affected packages

Git / github.com/luajit/luajit

Affected ranges

Type: GIT
Repo: https://github.com/luajit/luajit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2090842410e0ba6f81fad310a77bf5432488249a

Affected versions

v2.*

v2.0.0

v2.0.0-beta1

v2.0.0-beta10

v2.0.0-beta11

v2.0.0-beta2

v2.0.0-beta2-hotfix2

v2.0.0-beta3

v2.0.0-beta4

v2.0.0-beta5

v2.0.0-beta6

v2.0.0-beta7

v2.0.0-beta8

v2.0.0-beta8-fixed

v2.0.0-beta9

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.1

v2.0.1-fixed

v2.1.0-beta1

v2.1.0-beta2

v2.1.0-beta3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25178.json"

Git / github.com/openresty/luajit2

Affected ranges

Type: GIT
Repo: https://github.com/openresty/luajit2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

15f58c9648ee40a3fb6617e22e2f3fdff80d66b8

Affected versions

v2.*

v2.0.0

v2.0.0-beta1

v2.0.0-beta10

v2.0.0-beta11

v2.0.0-beta2

v2.0.0-beta2-hotfix2

v2.0.0-beta3

v2.0.0-beta4

v2.0.0-beta5

v2.0.0-beta6

v2.0.0-beta7

v2.0.0-beta8

v2.0.0-beta8-fixed

v2.0.0-beta9

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.1

v2.0.1-fixed

v2.1-11182013

v2.1-11252013

v2.1-12032013

v2.1-20131211

v2.1-20131219

v2.1-20140101

v2.1-20140129

v2.1-20140204

v2.1-20140207

v2.1-20140228

v2.1-20140304

v2.1-20140305

v2.1-20140313

v2.1-20140325

v2.1-20140330

v2.1-20140401

v2.1-20140403

v2.1-20140411

v2.1-20140419

v2.1-20140423

v2.1-20140513

v2.1-20140515

v2.1-20140515-2

v2.1-20140520

v2.1-20140529

v2.1-20140531

v2.1-20140607

v2.1-20140627

v2.1-20140703

v2.1-20140707

v2.1-20140731

v2.1-20140805

v2.1-20140920

v2.1-20141024

v2.1-20141115

v2.1-20141128

v2.1-20150120

v2.1-20150218

v2.1-20150223

v2.1-20150331

v2.1-20150622

v2.1-20151028

v2.1-20151205

v2.1-20151219

v2.1-20160108

v2.1-20160514

v2.1-20160516

v2.1-20160517

v2.1-20161104

v2.1-20170405

v2.1-20170513

v2.1-20170517

v2.1-20170808

v2.1-20170925

v2.1-20171103

v2.1-20180419

v2.1-20180420

v2.1-20181029

v2.1-20190115

v2.1-20190130

v2.1-20190131

v2.1-20190221

v2.1-20190228

v2.1-20190302

v2.1-20190329

v2.1-20190507

v2.1-20190530

v2.1-20190626

v2.1-20190912

v2.1-20200102

v2.1-20201001

v2.1-20201002

v2.1-20201008

v2.1-20201012-2

v2.1-20201027

v2.1-20201229

v2.1-20210510

v2.1-20211210

v2.1-20220111

v2.1-20220309

v2.1-20220310

v2.1-20220411

v2.1-20220915

v2.1-20230119

v2.1-20230410

v2.1-20230911

v2.1-20231006

v2.1-20231021

v2.1-20231117

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25178.json"