CVE-2024-42381

os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/
https://brew.sh/2024/07/30/homebrew-security-audit/
https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7
https://github.com/Homebrew/brew/pull/17136
https://github.com/Homebrew/brew/releases/tag/4.2.20
https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a
https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-31 06:15

Updated : 2024-08-01 13:59

NVD link : CVE-2024-42381

Mitre link : CVE-2024-42381

CVE.ORG link : CVE-2024-42381

JSON object : View

Products Affected

No product.

CWE

CWE-830

Inclusion of Web Functionality from an Untrusted Source

{"id": "CVE-2024-42381", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}]}, "published": "2024-07-31T06:15:02.130", "references": [{"url": "https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/", "source": "cve@mitre.org"}, {"url": "https://brew.sh/2024/07/30/homebrew-security-audit/", "source": "cve@mitre.org"}, {"url": "https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7", "source": "cve@mitre.org"}, {"url": "https://github.com/Homebrew/brew/pull/17136", "source": "cve@mitre.org"}, {"url": "https://github.com/Homebrew/brew/releases/tag/4.2.20", "source": "cve@mitre.org"}, {"url": "https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a", "source": "cve@mitre.org"}, {"url": "https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-830"}]}], "descriptions": [{"lang": "en", "value": "os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)"}, {"lang": "es", "value": " os/linux/elf.rb en Homebrew Brew anterior a 4.2.20 usa ldd para cargar archivos ELF obtenidos de fuentes no confiables, lo que permite a los atacantes lograr la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de un archivo ELF con una secci\u00f3n .interp personalizada. NOTA: la ejecuci\u00f3n de este c\u00f3digo ocurrir\u00eda durante una fase de reubicaci\u00f3n binaria sin espacio aislado, que ocurre antes de que un usuario espere la ejecuci\u00f3n del contenido del paquete descargado. (237d1e783f7ee261beaba7d3f6bde22da7148b0a fue la versi\u00f3n vulnerable probada)."}], "lastModified": "2024-08-01T13:59:22.207", "sourceIdentifier": "cve@mitre.org"}