References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

LuaJIT through 2.1 has an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

https://github.com/openresty/luajit2/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f

OR
          *cpe:2.3:a:luajit:luajit:*:*:*:*:*:*:*:* versions up to (including) 2.1.0

CISA-ADP: https://github.com/LuaJIT/LuaJIT/issues/1147 Types: Exploit, Issue Tracking

MITRE: https://gist.github.com/pwnhacker0x18/a73f560d79f2c3d4011d6c5a2676f04a Types: Third Party Advisory

MITRE: https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f Types: Patch

MITRE: https://github.com/LuaJIT/LuaJIT/issues/1147 Types: Exploit, Issue Tracking

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476

https://github.com/LuaJIT/LuaJIT/issues/1147

LuaJIT through 2.1 has an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

https://gist.github.com/pwnhacker0x18/a73f560d79f2c3d4011d6c5a2676f04a

https://github.com/LuaJIT/LuaJIT/commit/85b4fed0b0353dd78c8c875c2f562d522a2b310f

https://github.com/LuaJIT/LuaJIT/issues/1147