Debian Luajit vulnerabilities

6 known vulnerabilities affecting debian/luajit.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1LOW3

Vulnerabilities

Page 1 of 1
CVE-2024-25178CRITICALCVSS 9.1fixed in luajit 2.1.0~beta3+git20220320+dfsg-4.1+deb12u1 (bookworm)2024
CVE-2024-25178 [CRITICAL] CVE-2024-25178: luajit - LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bou... LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c. Scope: local bookworm: resolved (fixed in 2.1.0~beta3+git20220320+dfsg-4.1+deb12u1) bullseye: resolved (fixed in 2.1.0~beta3+dfsg-5.3+deb11u1) forky: resolved (fixed in 2.1.0+openresty20240314-1) sid: resolved (fixed in 2.1.0+openr
debian
CVE-2024-25176CRITICALCVSS 9.8fixed in luajit 2.1.0~beta3+git20220320+dfsg-4.1+deb12u1 (bookworm)2024
CVE-2024-25176 [CRITICAL] CVE-2024-25176: luajit - LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffe... LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c. Scope: local bookworm: resolved (fixed in 2.1.0~beta3+git20220320+dfsg-4.1+deb12u1) bullseye: resolved (fixed in 2.1.0~beta3+dfsg-5.3+deb11u1) forky: resolved (fixed in 2.1.0+openresty20240314-1) sid: resolved (fixed in 2.1.0+openresty
debian
CVE-2024-25177HIGHCVSS 7.5fixed in luajit 2.1.0~beta3+git20220320+dfsg-4.1+deb12u1 (bookworm)2024
CVE-2024-25177 [HIGH] CVE-2024-25177: luajit - LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking ... LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS). Scope: local bookworm: resolved (fixed in 2.1.0~beta3+git20220320+dfsg-4.1+deb12u1) bullseye: resolved (fixed in 2.1.0~beta3+dfsg-5.3+deb11u1) forky: resolved (fixed in 2.1.0+openresty20240314-1) sid: resolved (fixed
debian
CVE-2020-15890LOWCVSS 7.5fixed in luajit 2.1.0~beta3+git20210112+dfsg-2 (bookworm)2020
CVE-2020-15890 [HIGH] CVE-2020-15890: luajit - LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame ... LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. Scope: local bookworm: resolved (fixed in 2.1.0~beta3+git20210112+dfsg-2) bullseye: resolved (fixed in 2.1.0~beta3+dfsg-5.3+deb11u1) forky: resolved (fixed in 2.1.0~beta3+git20210112+dfsg-2) sid: resolved (fixed in 2.1.0~beta3+git20210112+dfsg-2) trixie: resolved
debian
CVE-2020-24372LOWCVSS 7.5fixed in luajit 2.1.0~beta3+git20210112+dfsg-2 (bookworm)2020
CVE-2020-24372 [HIGH] CVE-2020-24372: luajit - LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c. Scope: local bookworm: resolved (fixed in 2.1.0~beta3+git20210112+dfsg-2) bullseye: resolved (fixed in 2.1.0~beta3+dfsg-5.3+deb11u1) forky: resolved (fixed in 2.1.0~beta3+git20210112+dfsg-2) sid: resolved (fixed in 2.1.0~beta3+git20210112+dfsg-2) trixie: resolved (fixed in 2.1.0~beta3+git2021
debian
CVE-2019-19391LOWCVSS 9.1fixed in luajit 2.1.0~beta3+git20210112+dfsg-2 (bookworm)2019
CVE-2019-19391 [CRITICAL] CVE-2019-19391: luajit - In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, deb... In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vu
debian