CVE-2024-25177

Name
CVE-2024-25177
Description
LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| cve@mitre.org | https://gist.github.com/pwnhacker0x18/a73f560d79f2c3d4011d6c5a2676f04a |
| cve@mitre.org | https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f |
| cve@mitre.org | https://github.com/LuaJIT/LuaJIT/issues/1147 |
| cve@mitre.org | https://github.com/openresty/luajit2/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/08/msg00022.html |

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| luajit | edge-main | 2.1_p20240815-r1 | Jakub Jirutka <jakub@jirutka.cz> | fixed |
| luajit | edge-main | 2.1_p20240815-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| luajit | 3.22-main | 2.1_p20240815-r1 | Jakub Jirutka <jakub@jirutka.cz> | fixed |
| luajit | 3.21-main | 2.1_p20240815-r1 | None | fixed |
| luajit | 3.21-main | 2.1_p20240815-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| luajit | 3.20-main | 2.1_p20240815-r1 | None | fixed |
| luajit | 3.20-main | 2.1_p20240314-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| luajit | 3.19-main | 2.1_p20240815-r1 | None | fixed |
| luajit | 3.19-main | 2.1_p20230410-r3 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |