UBUNTU-CVE-2024-25176
A stack-buffer-overflow vulnerability exists in LuaJIT through version 2.1 and OpenRusty luajit2 before v2.1-20240626 in the lj_strfmt_wfnum function within lj_strfmt_num.c. This vulnerability can lead to complete compromise of confidentiality, integrity, and availability. Multiple specific package versions of LuaJIT are affected. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
A stack-buffer-overflow vulnerability exists in LuaJIT through version 2.1 and OpenRusty luajit2 before v2.1-20240626, specifically in the lj_strfmt_wfnum function in lj_strfmt_num.c. This vulnerability allows an attacker to cause memory corruption that can lead to full compromise of the system's confidentiality, integrity, and availability. The affected versions include certain Ubuntu package releases of LuaJIT and OpenResty luajit2 as listed. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation of this stack-buffer-overflow vulnerability can result in complete compromise of the affected system, including unauthorized disclosure of information, modification of data, and denial of service. The CVSS score vector indicates critical impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor channels for updates. Avoid using affected versions where possible until a fix is available.
UBUNTU-CVE-2024-25176
Description
A stack-buffer-overflow vulnerability exists in LuaJIT through version 2.1 and OpenRusty luajit2 before v2.1-20240626 in the lj_strfmt_wfnum function within lj_strfmt_num.c. This vulnerability can lead to complete compromise of confidentiality, integrity, and availability. Multiple specific package versions of LuaJIT are affected. No known exploits are reported in the wild at this time.
CVSS v3.1
Affected software
pkg:deb/ubuntu/[email protected]~beta3+dfsg-5.1ubuntu0.18.04.1~esm1?arch=source&distro=esm-apps/bionicpkg:deb/ubuntu/[email protected]~beta3+dfsg-5.1ubuntu0.20.04.1~esm1?arch=source&distro=esm-apps/focalpkg:deb/ubuntu/[email protected]~beta3+dfsg-6ubuntu0.1?arch=source&distro=jammypkg:deb/ubuntu/[email protected]+git20231223.c525bcb+dfsg-1ubuntu0.1?arch=source&distro=noblepkg:deb/ubuntu/[email protected]+openresty20250117-2ubuntu1?arch=source&distro=questingpkg:deb/ubuntu/[email protected]+openresty20251030-1?arch=source&distro=resoluteRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A stack-buffer-overflow vulnerability exists in LuaJIT through version 2.1 and OpenRusty luajit2 before v2.1-20240626, specifically in the lj_strfmt_wfnum function in lj_strfmt_num.c. This vulnerability allows an attacker to cause memory corruption that can lead to full compromise of the system's confidentiality, integrity, and availability. The affected versions include certain Ubuntu package releases of LuaJIT and OpenResty luajit2 as listed. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation of this stack-buffer-overflow vulnerability can result in complete compromise of the affected system, including unauthorized disclosure of information, modification of data, and denial of service. The CVSS score vector indicates critical impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor channels for updates. Avoid using affected versions where possible until a fix is available.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- UBUNTU-CVE-2024-25176
- Osv Schema Version
- 1.7.0
- Aliases
- []
- Ecosystems
- ["Ubuntu:Pro:18.04:LTS","Ubuntu:Pro:20.04:LTS","Ubuntu:22.04:LTS","Ubuntu:24.04:LTS","Ubuntu:25.10","Ubuntu:26.04:LTS"]
- Database Specific Severity
- null
- Cvss Version
- 3.1
Threat ID: 6a58b50e68715ace43db32b6
Added to database: 07/16/2026, 10:40:14 UTC
Last enriched: 07/16/2026, 14:24:33 UTC
Last updated: 07/16/2026, 23:03:47 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.