{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-25178", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-07-08T17:36:38.900Z", "dateReserved": "2024-02-07T00:00:00.000Z", "datePublished": "2025-07-07T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-07T16:44:05.132Z"}, "descriptions": [{"lang": "en", "value": "LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}, {"url": "https://github.com/LuaJIT/LuaJIT/issues/1152"}, {"url": "https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "references": [{"url": "https://github.com/LuaJIT/LuaJIT/issues/1152", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T15:35:53.840391Z", "id": "CVE-2024-25178", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T17:36:38.900Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}, {"url": "https://github.com/LuaJIT/LuaJIT/issues/1152"}, {"url": "https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8"}], "descriptions": [{"lang": "en", "value": "LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-07T16:44:05.132Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25178", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T15:35:53.840391Z"}}}], "references": [{"url": "https://github.com/LuaJIT/LuaJIT/issues/1152", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-07-07T19:43:02.344Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-25178", "state": "PUBLISHED", "dateUpdated": "2025-07-07T16:44:05.132Z", "dateReserved": "2024-02-07T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-07-07T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c"}, {"lang": "es", "value": "LuaJIT hasta la versi\u00f3n 2.1 tiene una lectura fuera de los l\u00edmites en el controlador de desbordamiento de pila en lj_state.c"}], "id": "CVE-2024-25178", "lastModified": "2025-07-08T18:15:25.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-07T17:15:27.527", "references": [{"source": "[email protected]", "url": "https://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8"}, {"source": "[email protected]", "url": "https://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8"}, {"source": "[email protected]", "url": "https://github.com/LuaJIT/LuaJIT/issues/1152"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/LuaJIT/LuaJIT/issues/1152"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "luajit: Out of bounds read in LuaJIT", "id": "2376880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376880"}, "csaw": false, "cvss3": {"cvss3_base_score": "1.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c", "An out-of-bounds read was found in LuaJIT. This issue was uncovered through fuzzing, and no real-world exploit has been demonstrated."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-25178", "package_state": [{"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Fix deferred", "package_name": "luajit", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Fix deferred", "package_name": "luajit", "product_name": "Red Hat OpenStack Platform 18.0"}], "public_date": "2025-07-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-25178\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-25178\nhttps://gist.github.com/pwnhacker0x18/423b4292f301ab274b42d5ed6e0b87d8\nhttps://github.com/LuaJIT/LuaJIT/commit/defe61a56751a0db5f00ff3ab7b8f45436ba74c8\nhttps://github.com/LuaJIT/LuaJIT/issues/1152"], "threat_severity": "Low"}