CVE-2024-24806 — Server-Side Request Forgery in Libuv

CWE-918 — Server-Side Request Forgery9 documents9 sources

Severity

7.3HIGHNVD

EPSS

0.2%

top 59.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libuv Debian Libuv1 Google Chrome Chrome +15 more

Timeline

PublishedFeb 7

Latest updateNov 14

Description

libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulner…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages19 packages

▶NVDlibuv/libuv1.24.0 — 1.48.0

▶debiandebian/libuv1< libuv1 1.44.2-1+deb12u1 (bookworm)

▶CVEListV5libuv/libuv>= 1.45.0, < 1.48.0

▶msrcmsrc/azl3_libuv_1.46.0-1_on_azure_linux_3.0

▶msrcmsrc/azl3_libuv_1.48.0-1_on_azure_linux_3.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2024-24806: libuv is a multi-platform support library with a focus on asynchronous I/O↗2024-02-07

▶

📋Vendor Advisories

CISA ICS

Siemens SINEC INS↗2024-11-14

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2024-24806↗2024-05-13

▶

Ubuntu

libuv vulnerability↗2024-02-28

▶

Microsoft

Improper Domain Lookup that potentially leads to SSRF attacks in libuv↗2024-02-13

▶

Red Hat

libuv: Improper Domain Lookup that potentially leads to SSRF attacks↗2024-02-07

▶

💬Community

HackerOne

Libuv: Improper Domain Lookup that potentially leads to SSRF attacks↗2024-03-29

▶