Description

os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)

INFO

Published Date :

2024-07-31T00:00:00.000Z

Last Modified :

2024-07-31T17:03:46.038Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42381 vulnerability.

Vendors Products
Homebrew
  • Brew
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42381.

URL Resource
https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/ cve-icon cve-icon
https://brew.sh/2024/07/30/homebrew-security-audit/ cve-icon cve-icon
https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7 cve-icon cve-icon
https://github.com/Homebrew/brew/pull/17136 cve-icon cve-icon
https://github.com/Homebrew/brew/releases/tag/4.2.20 cve-icon cve-icon
https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a cve-icon cve-icon
https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Complexity
Attack Vector
Availability Impact
Confidentiality Impact
Integrity Impact
Privileges Required
Scope
User Interaction