diff --git a/changelogs/unreleased/gh-8889-lua-box-tuple-format-new-fix.md b/changelogs/unreleased/gh-8889-lua-box-tuple-format-new-fix.md
new file mode 100644
index 0000000000000000000000000000000000000000..cd32ef42d38195c3795ae99b2b9771752666ae46
--- /dev/null
+++ b/changelogs/unreleased/gh-8889-lua-box-tuple-format-new-fix.md
@@ -0,0 +1,4 @@
+## bugfix/lua/netbox
+
+* Fixed a heap-use-after-free bug in the function creating a tuple format Lua
+ object for `net.box` (gh-8889).
diff --git a/src/box/lua/misc.cc b/src/box/lua/misc.cc
index 3cb4ccf5afb939e03967b905631215149f88ab5c..a9ed6d649ce9973a7ee268fb08ee28f5a320514b 100644
--- a/src/box/lua/misc.cc
+++ b/src/box/lua/misc.cc
@@ -247,10 +247,16 @@ lbox_tuple_format_gc(struct lua_State *L)
 static int
 lbox_push_tuple_format(struct lua_State *L, struct tuple_format *format)
 {
+ /*
+ * Tuple formats are reusable. It means that runtime_tuple_format_new
+ * may return a format that is actually referenced by another Lua
+ * object. So we have to be extra careful not to call anything that may
+ * trigger Lua GC after we create a format and before we reference it.
+ */
+ tuple_format_ref(format);
 struct tuple_format **ptr = (struct tuple_format **)
 luaL_pushcdata(L, CTID_STRUCT_TUPLE_FORMAT_PTR);
 *ptr = format;
- tuple_format_ref(format);
 lua_pushcfunction(L, lbox_tuple_format_gc);
 luaL_setcdatagc(L, -2);
 return 1;
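Review bot: The invariant the new comment describes is really a constraint on the caller, not on this body: the window in which a collection can free `format` opens when runtime_tuple_format_new hands back an unreferenced format, before lbox_push_tuple_format is even entered, so it belongs in the function's contract where callers will see it. Suggest a doc comment on lbox_push_tuple_format along the lines of `/** Push a cdata wrapping @a format and take a reference to it. Must be called immediately after obtaining an unreferenced format, with no intervening call that may run the Lua GC. */`, keeping the body comment as the explanation of why the ref is taken first. Separately, with `tuple_format_ref(format)` now ahead of `luaL_pushcdata`, a Lua error raised by luaL_pushcdata or lua_pushcfunction before luaL_setcdatagc installs the finalizer would leave that reference unreleased; whether those calls can raise here is not visible in the hunk, so this is worth confirming rather than a certain defect. The closing brace of lbox_push_tuple_format lies outside the hunk.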