FKIE_CVE-2024-42381

Vulnerability from fkie_nvd - Published: 2024-07-31 06:15 - Updated: 2026-06-17 07:49
Summary
os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)
Impacted products
Vendor Product Version

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    },
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:2.3:a:homebrew:brew:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unknown",
          "product": "brew",
          "vendor": "homebrew",
          "versions": [
            {
              "lessThan": "4.2.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)"
    },
    {
      "lang": "es",
      "value": " os/linux/elf.rb en Homebrew Brew anterior a 4.2.20 usa ldd para cargar archivos ELF obtenidos de fuentes no confiables, lo que permite a los atacantes lograr la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de un archivo ELF con una secci\u00f3n .interp personalizada. NOTA: la ejecuci\u00f3n de este c\u00f3digo ocurrir\u00eda durante una fase de reubicaci\u00f3n binaria sin espacio aislado, que ocurre antes de que un usuario espere la ejecuci\u00f3n del contenido del paquete descargado. (237d1e783f7ee261beaba7d3f6bde22da7148b0a fue la versi\u00f3n vulnerable probada)."
    }
  ],
  "id": "CVE-2024-42381",
  "lastModified": "2026-06-17T07:49:21.777",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2024-42381",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-07-31T16:56:17.154538Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2024-07-31T06:15:02.130",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://brew.sh/2024/07/30/homebrew-security-audit/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/Homebrew/brew/pull/17136"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/Homebrew/brew/releases/tag/4.2.20"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-830"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…