{"id":"CVE-2024-25176","details":"LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.","modified":"2026-04-10T05:10:57.109652Z","published":"2025-07-07T17:15:27.247Z","related":["CGA-fqcg-54rh-wxvf","SUSE-SU-2025:02886-1","SUSE-SU-2025:03378-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00022.html"},{"type":"ADVISORY","url":"https://gist.github.com/pwnhacker0x18/cd75d01fc7c9b6c85c183fbe5353d276"},{"type":"REPORT","url":"https://github.com/LuaJIT/LuaJIT/issues/1149"},{"type":"FIX","url":"https://github.com/openresty/luajit2/commit/343ce0edaf3906a62022936175b2f5410024cbfc"},{"type":"FIX","url":"https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/luajit/luajit","events":[{"introduced":"0"},{"last_affected":"2090842410e0ba6f81fad310a77bf5432488249a"},{"fixed":"343ce0edaf3906a62022936175b2f5410024cbfc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1"}]}},{"type":"GIT","repo":"https://github.com/openresty/luajit2","events":[{"introduced":"0"},{"fixed":"343ce0edaf3906a62022936175b2f5410024cbfc"}]}],"versions":["v2.0.0","v2.0.0-beta1","v2.0.0-beta10","v2.0.0-beta11","v2.0.0-beta2","v2.0.0-beta2-hotfix2","v2.0.0-beta3","v2.0.0-beta4","v2.0.0-beta5","v2.0.0-beta6","v2.0.0-beta7","v2.0.0-beta8","v2.0.0-beta8-fixed","v2.0.0-beta9","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.1","v2.0.1-fixed","v2.1.0-beta1","v2.1.0-beta2","v2.1.0-beta3","v2.1.ROLLING"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.1.0"}]},{"events":[{"introduced":"luajit2"},{"fixed":"v2.1-20240626"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25176.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}