CVE-2024-25178

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-25178
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25178.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-25178
Downstream
Related
Published
2025-07-07T17:15:27.527Z
Modified
2025-11-23T04:15:40.998025Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

References

Affected packages

Git / github.com/luajit/luajit

Affected ranges

Type
GIT
Repo
https://github.com/luajit/luajit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
defe61a56751a0db5f00ff3ab7b8f45436ba74c8

Affected versions

v2.*

v2.0.0
v2.0.0-beta1
v2.0.0-beta10
v2.0.0-beta11
v2.0.0-beta2
v2.0.0-beta2-hotfix2
v2.0.0-beta3
v2.0.0-beta4
v2.0.0-beta5
v2.0.0-beta6
v2.0.0-beta7
v2.0.0-beta8
v2.0.0-beta8-fixed
v2.0.0-beta9
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.1
v2.0.1-fixed
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.ROLLING

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/luajit/luajit/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-25178-16d06e12",
        "target": {
            "file": "src/lj_state.c"
        },
        "digest": {
            "line_hashes": [
                "277024855705172535011344108957442779773",
                "193341672357919148145521472639704451384",
                "239817343184206947973547231590700306149",
                "271657220955694740216157348712103466851",
                "151015622724334242152379780113683322815",
                "208884359861957586290619840674240379838",
                "137851220125126039734150454611207961730",
                "249763080357394971460150877036173573539",
                "108865677583523157312376737950178335334",
                "90513587949215906042301769096487702116",
                "201372420145530435073427262751136916973",
                "140081803099111383703159557805636865972",
                "26833242892596005318803701951642670227",
                "236427332506692914507654054535035984418",
                "337510366572983224077165314320187776736",
                "277971212153318530724414602621330352166",
                "177298771810510089332421618840280769209",
                "277010972630919169706352803208896369876",
                "92095899878429511972813154301841668788",
                "127592519123815158622255260146181694635",
                "76157443837616571298013795723806884545"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/luajit/luajit/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-25178-287d868c",
        "target": {
            "file": "src/lj_err.c"
        },
        "digest": {
            "line_hashes": [
                "175265014896106002403946613573786699968",
                "197399067499152755998847627260198159960",
                "116940952920393853474400420530029569999",
                "17195866420894312641159619656422570504",
                "270305923755407770796822705000165410927",
                "191473466209037161331382735023326294999",
                "103866882458321787333621118024924364456",
                "286528071522097903130088633731689501022",
                "205418231937864698460410781796669678690",
                "210835692443088131349037926938450397004",
                "175274725561173045038395520611593296651",
                "279102159455966962128442334341789984528",
                "74967209383444881529968484594066922671"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/luajit/luajit/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-25178-4bde8851",
        "target": {
            "function": "debug_framepc",
            "file": "src/lj_debug.c"
        },
        "digest": {
            "length": 1548.0,
            "function_hash": "50067456856387634292401281977494003867"
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/luajit/luajit/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-25178-754e033d",
        "target": {
            "function": "lj_state_growstack",
            "file": "src/lj_state.c"
        },
        "digest": {
            "length": 536.0,
            "function_hash": "250095970941643160031860255363092946226"
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/luajit/luajit/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-25178-965900fb",
        "target": {
            "file": "src/lj_err.h"
        },
        "digest": {
            "line_hashes": [
                "54050595518120967622896392845927167681",
                "15070245444666457301793099561169003833",
                "320681905010042593851437360386241621384",
                "314491342751211321455725763182361569391"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/luajit/luajit/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-25178-defbf192",
        "target": {
            "function": "lj_err_run",
            "file": "src/lj_err.c"
        },
        "digest": {
            "length": 552.0,
            "function_hash": "74590149630808721859909653481560825931"
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/luajit/luajit/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-25178-f0fb33fb",
        "target": {
            "file": "src/lj_debug.c"
        },
        "digest": {
            "line_hashes": [
                "134549044816835016606906774647420951103",
                "170817815714175202946605932544776752531",
                "218582723080459621474861288584455163421",
                "327053795116861641334942614506163330548"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/luajit/luajit/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-25178-fcbfadab",
        "target": {
            "function": "lj_err_mem",
            "file": "src/lj_err.c"
        },
        "digest": {
            "length": 293.0,
            "function_hash": "152599931405697861393702385850197640506"
        },
        "deprecated": false
    }
]

Git / github.com/openresty/luajit2

Affected ranges

Type
GIT
Repo
https://github.com/openresty/luajit2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
defe61a56751a0db5f00ff3ab7b8f45436ba74c8

Affected versions

v2.*

v2.0.0
v2.0.0-beta1
v2.0.0-beta10
v2.0.0-beta11
v2.0.0-beta2
v2.0.0-beta2-hotfix2
v2.0.0-beta3
v2.0.0-beta4
v2.0.0-beta5
v2.0.0-beta6
v2.0.0-beta7
v2.0.0-beta8
v2.0.0-beta8-fixed
v2.0.0-beta9
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.1
v2.0.1-fixed
v2.0.2
v2.0.3
v2.0.4
v2.0.5

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-25178-027b122f",
        "target": {
            "file": "src/lj_err.h"
        },
        "digest": {
            "line_hashes": [
                "54050595518120967622896392845927167681",
                "15070245444666457301793099561169003833",
                "320681905010042593851437360386241621384",
                "314491342751211321455725763182361569391"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-25178-088621e0",
        "target": {
            "file": "src/lj_err.c"
        },
        "digest": {
            "line_hashes": [
                "175265014896106002403946613573786699968",
                "197399067499152755998847627260198159960",
                "116940952920393853474400420530029569999",
                "17195866420894312641159619656422570504",
                "270305923755407770796822705000165410927",
                "191473466209037161331382735023326294999",
                "103866882458321787333621118024924364456",
                "286528071522097903130088633731689501022",
                "205418231937864698460410781796669678690",
                "210835692443088131349037926938450397004",
                "175274725561173045038395520611593296651",
                "279102159455966962128442334341789984528",
                "74967209383444881529968484594066922671"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-25178-6ee6d6d4",
        "target": {
            "file": "src/lj_debug.c"
        },
        "digest": {
            "line_hashes": [
                "134549044816835016606906774647420951103",
                "170817815714175202946605932544776752531",
                "218582723080459621474861288584455163421",
                "327053795116861641334942614506163330548"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2024-25178-7caeb2df",
        "target": {
            "file": "src/lj_state.c"
        },
        "digest": {
            "line_hashes": [
                "277024855705172535011344108957442779773",
                "193341672357919148145521472639704451384",
                "239817343184206947973547231590700306149",
                "271657220955694740216157348712103466851",
                "151015622724334242152379780113683322815",
                "208884359861957586290619840674240379838",
                "137851220125126039734150454611207961730",
                "249763080357394971460150877036173573539",
                "108865677583523157312376737950178335334",
                "90513587949215906042301769096487702116",
                "201372420145530435073427262751136916973",
                "140081803099111383703159557805636865972",
                "26833242892596005318803701951642670227",
                "236427332506692914507654054535035984418",
                "337510366572983224077165314320187776736",
                "277971212153318530724414602621330352166",
                "177298771810510089332421618840280769209",
                "277010972630919169706352803208896369876",
                "92095899878429511972813154301841668788",
                "127592519123815158622255260146181694635",
                "76157443837616571298013795723806884545"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-25178-97ecb279",
        "target": {
            "function": "lj_err_mem",
            "file": "src/lj_err.c"
        },
        "digest": {
            "length": 293.0,
            "function_hash": "152599931405697861393702385850197640506"
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-25178-a53d421c",
        "target": {
            "function": "lj_state_growstack",
            "file": "src/lj_state.c"
        },
        "digest": {
            "length": 536.0,
            "function_hash": "250095970941643160031860255363092946226"
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-25178-ac20fe0e",
        "target": {
            "function": "lj_err_run",
            "file": "src/lj_err.c"
        },
        "digest": {
            "length": 552.0,
            "function_hash": "74590149630808721859909653481560825931"
        },
        "deprecated": false
    },
    {
        "source": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8",
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2024-25178-c4cdde9f",
        "target": {
            "function": "debug_framepc",
            "file": "src/lj_debug.c"
        },
        "digest": {
            "length": 1548.0,
            "function_hash": "50067456856387634292401281977494003867"
        },
        "deprecated": false
    }
]