Showing 1 - 4 of 4

CVE-2024-24806

Status Candidate

Overview

libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Files

Red Hat Security Advisory 2024-4756-03: Posted Jul 24, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-4756-03 - An update for libuv is now available for Red Hat Enterprise Linux 9. Issues addressed include a server-side request forgery vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-24806; SHA-256 | 079553bb1160a89cc126601d7584c8151b5be508ee4b4f807427a8785d63348f; Download | Favorite | View

Red Hat Security Advisory 2024-4247-03: Posted Jul 3, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-4247-03 - An update for libuv is now available for Red Hat Enterprise Linux 8. Issues addressed include a server-side request forgery vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2024-24806; SHA-256 | d34058ccdf9ff4a479a0bfa77f4b0f13461c2451643950b3d70bf81109104b12; Download | Favorite | View

Debian Security Advisory 5638-1: Posted Mar 11, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5638-1 - It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.; tags | advisory; systems | linux, debian; advisories | CVE-2024-24806; SHA-256 | 8a07ccb73b022376fe2ad526d9e79f96a2d1684fb96135ae73b42313547393c9; Download | Favorite | View

Ubuntu Security Notice USN-6666-1: Posted Feb 28, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6666-1 - It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2024-24806; SHA-256 | 3708b57f00e48056a0ff770faacabf49aa5ec9ceb551c9f97111aee2cda1ee21; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 87 files
indoushka 64 files
Jasper Nota 25 files
Willem Westerhof 19 files
Gentoo 18 files
Debian 15 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,090)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,547)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,646)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,729)
UNIX (9,433)
UnixWare (187)
Windows (6,670)
Other

CVE-2024-24806

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems