CNNVD-202507-731 Information

CNNVD ID

CNNVD-202507-731

Related CVE

CVE-2024-25176

• CNNVD Published: 2025-07-07

Description (Chinese)

LuaJIT是LuaJIT开源的一款用于Lua语言的即时编译器。 LuaJIT 2.1及之前版本存在安全漏洞，该漏洞源于lj_strfmt_num.c中的lj_strfmt_wfnum函数存在栈缓冲区溢出。

Description (English)

LuaJIT is an instant compiler for the LuaJIT open source. There is a security loophole in LuaJIT 2.1 and earlier versions, which stems from the spilling of the jj strfmt wfnum function in lj strfmt num.c.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

LuaJIT

Published

2025-07-07

Last Modified

2026-02-24

References

https://github.com/LuaJIT/LuaJIT/issues/1149 https://gist.github.com/pwnhacker0x18/cd75d01fc7c9b6c85c183fbe5353d276 https://github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfc https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc https://vigilance.fr/vulnerability/LuaJIT-buffer-overflow-via-lj-strfmt-num-c-47697