CNNVD-202507-732 Information

CNNVD ID

CNNVD-202507-732

Related CVE

CVE-2024-25178

• CNNVD Published: 2025-07-07

Description (Chinese)

LuaJIT是LuaJIT开源的一款用于Lua语言的即时编译器。 LuaJIT 2.1及之前版本存在安全漏洞，该漏洞源于lj_state.c中的栈溢出处理程序存在越界读取。

Description (English)

LuaJIT is an instant compiler for the LuaJIT open source. There is a security loophole in LuaJIT 2.1 and earlier versions, which stems from the presence of a cross-border readout process in lj state.c.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

LuaJIT

Published

2025-07-07

Last Modified

2026-02-24

References

https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8 https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8 https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8 https://github.com/LuaJIT/LuaJIT/issues/1152 https://vigilance.fr/vulnerability/LuaJIT-buffer-overflow-via-lj-state-c-47698