Mike Pall

CVE-2024-25176 WRITEUP CRITICAL WRITEUP

LuaJIT <2.1-20240626 - Buffer Overflow

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

CVSS 9.8

View Code

CVE-2024-25176 WRITEUP CRITICAL WRITEUP

LuaJIT <2.1-20240626 - Buffer Overflow

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

CVSS 9.8

View Code

CVE-2024-25177 WRITEUP HIGH WRITEUP

LuaJIT < 2.1.0 - Denial of Service via NULL Metatable IR_FSTORE Unsinking

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

CVSS 7.5

View Code

CVE-2024-25177 WRITEUP HIGH WRITEUP

LuaJIT < 2.1.0 - Denial of Service via NULL Metatable IR_FSTORE Unsinking

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

CVSS 7.5

View Code

CVE-2024-25178 WRITEUP CRITICAL WRITEUP

LuaJIT < 2.1.0 - Out-of-bounds Read in Stack-Overflow Handler

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

CVSS 9.1

View Code

CVE-2024-25178 WRITEUP CRITICAL WRITEUP

LuaJIT < 2.1.0 - Out-of-bounds Read in Stack-Overflow Handler

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

CVSS 9.1

View Code