You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
luajit
About this tag
LuaJIT is a high-performance just-in-time compiler and runtime for the Lua programming language, widely used in servers, game engines, and telemetry agents. On WindowsForum.com, discussions focus on security vulnerabilities affecting LuaJIT, particularly CVE-2024-25176 (stack-buffer-overflow in number formatting), CVE-2024-25177 (DoS via NULL metatable unsinking), and CVE-2024-25178 (supply chain risk). These vulnerabilities impact LuaJIT through version 2.1 and related OpenResty luajit2 builds. Microsoft's Azure Linux distribution includes the vulnerable library, highlighting supply chain security concerns for Windows administrators managing Linux-based cloud workloads. Topics cover patch guidance, risk assessment, and remediation steps for enterprise environments.
LuaJIT — the high-performance JIT-based implementation of the Lua language — has a serious stack-buffer-overflow vulnerability (CVE-2024-25176) in the number-formatting code that affects releases through 2.1 and related OpenResty luajit2 builds. Microsoft’s initial advisory notes that the Azure...
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 contain a vulnerability (tracked as CVE-2024-25177) that can cause a Denial of Service (DoS) by triggering an unsinking of the IR_FSTORE operation when a NULL metatable is encountered, allowing an attacker to crash or otherwise make...
CVE-2024-25178 is a real-world reminder that even tiny pieces of high‑performance open‑source software can become a critical link in the supply‑chain security story — Microsoft has publicly attested that Azure Linux includes the vulnerable LuaJIT component, but that attestation is a...