{"id":"CVE-2024-25178","details":"LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.","modified":"2026-06-02T03:54:53.763599419Z","published":"2025-07-07T00:00:00Z","related":["CGA-rcfx-q3h7-6q9q","SUSE-SU-2025:02886-1","SUSE-SU-2025:03378-1"],"database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25178.json"},"references":[{"type":"WEB","url":"https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00022.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/25xxx/CVE-2024-25178.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25178"},{"type":"REPORT","url":"https://github.com/LuaJIT/LuaJIT/issues/1152"},{"type":"FIX","url":"https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"},{"type":"FIX","url":"https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/luajit/luajit","events":[{"introduced":"0"},{"fixed":"2090842410e0ba6f81fad310a77bf5432488249a"}]}],"versions":["v2.1.0-beta3","v2.1.0-beta2","v2.1.0-beta1","v2.0.1-fixed","v2.0.1","v2.0.0-rc3","v2.0.0","v2.0.0-rc2","v2.0.0-rc1","v2.0.0-beta11","v2.0.0-beta10","v2.0.0-beta9","v2.0.0-beta8-fixed","v2.0.0-beta8","v2.0.0-beta7","v2.0.0-beta6","v2.0.0-beta5","v2.0.0-beta4","v2.0.0-beta3","v2.0.0-beta2-hotfix2","v2.0.0-beta2","v2.0.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25178.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/openresty/luajit2","events":[{"introduced":"0"},{"fixed":"15f58c9648ee40a3fb6617e22e2f3fdff80d66b8"}]}],"versions":["v2.1-20210510","v2.1-20230410","v2.1-20231117","v2.1-20231021","v2.1-20231006","v2.1-20230911","v2.1-20230119","v2.1-20220915","v2.1-20220411","v2.1-20220310","v2.1-20220309","v2.1-20220111","v2.1-20211210","v2.1-20201229","v2.1-20201027","v2.1-20201012-2","v2.1-20201008","v2.1-20201002","v2.1-20201001","v2.1-20200102","v2.1-20190912","v2.1-20190626","v2.1-20190530","v2.1-20190507","v2.1-20190329","v2.1-20190302","v2.1-20190228","v2.1-20190221","v2.1-20190131","v2.1-20190130","v2.1-20190115","v2.1-20181029","v2.1-20180420","v2.1-20180419","v2.1-20171103","v2.1-20170925","v2.1-20170808","v2.1-20170517","v2.1-20170513","v2.1-20170405","v2.1-20161104","v2.1-20160517","v2.1-20160516","v2.1-20160514","v2.1-20160108","v2.1-20151219","v2.1-20151205","v2.1-20151028","v2.1-20150622","v2.1-20150331","v2.1-20150223","v2.1-20150218","v2.1-20150120","v2.1-20141128","v2.1-20141115","v2.1-20141024","v2.1-20140920","v2.1-20140805","v2.1-20140731","v2.1-20140707","v2.1-20140703","v2.1-20140627","v2.1-20140607","v2.1-20140531","v2.1-20140529","v2.1-20140520","v2.1-20140515-2","v2.1-20140515","v2.1-20140513","v2.1-20140423","v2.1-20140419","v2.1-20140411","v2.1-20140403","v2.1-20140401","v2.1-20140330","v2.1-20140325","v2.1-20140313","v2.1-20140305","v2.1-20140304","v2.1-20140228","v2.1-20140207","v2.1-20140204","v2.1-20140129","v2.1-20140101","v2.1-20131219","v2.1-20131211","v2.1-12032013","v2.1-11252013","v2.1-11182013","v2.0.1-fixed","v2.0.1","v2.0.0-rc3","v2.0.0","v2.0.0-rc2","v2.0.0-rc1","v2.0.0-beta11","v2.0.0-beta10","v2.0.0-beta9","v2.0.0-beta8-fixed","v2.0.0-beta8","v2.0.0-beta7","v2.0.0-beta6","v2.0.0-beta5","v2.0.0-beta4","v2.0.0-beta3","v2.0.0-beta2-hotfix2","v2.0.0-beta2","v2.0.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25178.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}