exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2024-24806

Status Candidate

Overview

libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Files

Red Hat Security Advisory 2024-4247-03
Posted Jul 3, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4247-03 - An update for libuv is now available for Red Hat Enterprise Linux 8. Issues addressed include a server-side request forgery vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2024-24806
SHA-256 | d34058ccdf9ff4a479a0bfa77f4b0f13461c2451643950b3d70bf81109104b12
Debian Security Advisory 5638-1
Posted Mar 11, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5638-1 - It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.

tags | advisory
systems | linux, debian
advisories | CVE-2024-24806
SHA-256 | 8a07ccb73b022376fe2ad526d9e79f96a2d1684fb96135ae73b42313547393c9
Ubuntu Security Notice USN-6666-1
Posted Feb 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6666-1 - It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2024-24806
SHA-256 | 3708b57f00e48056a0ff770faacabf49aa5ec9ceb551c9f97111aee2cda1ee21
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close