{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-25178", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-07-24T15:44:28.667Z", "dateReserved": "2024-02-07T00:00:00.000Z", "datePublished": "2025-07-07T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-24T15:44:28.667Z"}, "descriptions": [{"lang": "en", "value": "LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}, {"url": "https://github.com/LuaJIT/LuaJIT/issues/1152"}, {"url": "https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8"}, {"url": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "references": [{"url": "https://github.com/LuaJIT/LuaJIT/issues/1152", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T15:35:53.840391Z", "id": "CVE-2024-25178", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T17:36:38.900Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25178", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T15:35:53.840391Z"}}}], "references": [{"url": "https://github.com/LuaJIT/LuaJIT/issues/1152", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T19:43:02.344Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}, {"url": "https://github.com/LuaJIT/LuaJIT/issues/1152"}, {"url": "https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8"}, {"url": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}], "descriptions": [{"lang": "en", "value": "LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-24T15:44:28.667Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25178", "state": "PUBLISHED", "dateUpdated": "2025-07-24T15:44:28.667Z", "dateReserved": "2024-02-07T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-07-07T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:luajit:luajit:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0A5319F-41C9-4D57-91E2-13595C0B0891", "versionEndIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c."}, {"lang": "es", "value": "LuaJIT hasta la versi\u00f3n 2.1 tiene una lectura fuera de los l\u00edmites en el controlador de desbordamiento de pila en lj_state.c"}], "id": "CVE-2024-25178", "lastModified": "2025-07-24T16:15:30.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-07T17:15:27.527", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/LuaJIT/LuaJIT/issues/1152"}, {"source": "cve@mitre.org", "url": "https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/LuaJIT/LuaJIT/issues/1152"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "luajit: Out of bounds read in LuaJIT", "id": "2376880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376880"}, "csaw": false, "cvss3": {"cvss3_base_score": "1.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c", "An out-of-bounds read was found in LuaJIT. This issue was uncovered through fuzzing, and no real-world exploit has been demonstrated."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-25178", "package_state": [{"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "luajit", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "luajit", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2025-07-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-25178\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-25178\nhttps://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8\nhttps://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8\nhttps://github.com/LuaJIT/LuaJIT/issues/1152"], "threat_severity": "Low"}