CVE-2024-25176

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-25176

Severity

9.8

Critical

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-25176
https://github.com/advisories/GHSA-xvfg-m24j-r4pm
https://lists.debian.org/debian-lts-announce/2025/08/msg00022.html
https://gist.github.com/pwnhacker0x18/cd75d01fc7c9b6c85c183fbe5353d276
https://github.com/LuaJIT/LuaJIT/issues/1149
https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc
https://github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfc

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-25176

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company