References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

https://github.com/openresty/luajit2/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8

OR
          *cpe:2.3:a:luajit:luajit:*:*:*:*:*:*:*:* versions up to (including) 2.1.0

CISA-ADP: https://github.com/LuaJIT/LuaJIT/issues/1152 Types: Exploit, Issue Tracking

MITRE: https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8 Types: Third Party Advisory

MITRE: https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8 Types: Patch

MITRE: https://github.com/LuaJIT/LuaJIT/issues/1152 Types: Exploit, Issue Tracking

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-125

https://github.com/LuaJIT/LuaJIT/issues/1152

LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c

https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8

https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8

https://github.com/LuaJIT/LuaJIT/issues/1152