CVE-2026-24809
Unknown Unknown - Not Provided

Heap-Buffer Overflow in praydog REFramework luaG_runerror Component

Vulnerability report for CVE-2026-24809, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-27

Last updated on: 2026-01-27

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description

An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-27
Last Modified
2026-01-27
Generated
2026-07-06
AI Q&A
2026-01-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
praydog reframework to 1.5.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a heap-buffer overflow in the luaG_runerror function within the REFramework project before version 1.5.5. It occurs when a recursive error happens, causing improper error handling that leads to memory corruption. The issue stems from the luaG_runerror function not having received a critical security patch that was applied in the official Lua repository, which allowed excessive stack space usage and related security problems. This flaw was fixed by applying the official Lua patch to REFramework's codebase. [1]

Impact Analysis

This heap-buffer overflow vulnerability can lead to memory corruption, which may be exploited to cause crashes or potentially execute arbitrary code. Such impacts can compromise the stability and security of applications using the affected REFramework versions, possibly leading to denial of service or unauthorized actions within the affected environment. [1]

Mitigation Strategies

To mitigate this vulnerability, update the praydog/REFramework to version 1.5.5 or later, which includes the security fix for the luaG_runerror heap-buffer overflow issue. This fix applies the official Lua patch to the error handling code, preventing the vulnerability without requiring a Lua version upgrade. Applying this update will eliminate the heap-buffer overflow caused by recursive errors. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24809. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart