libuv-1.41.1-2.el8_10
エラータID: AXSA:2024-8516:01
リリース日:
2024/07/04 Thursday - 18:42
題名:
libuv-1.41.1-2.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libuv の src/unix/getaddrinfo.c の uv_getaddrinfo() 関数には、
getaddrinfo() 関数を呼び出す前にホスト名を 256 文字に切り
詰めてしまう問題があるため、リモートの攻撃者により、
細工された長いユーザー名の指定を介して、SSRF (Server
Side RequestForgery) 攻撃を可能とする脆弱性が存在します。
(CVE-2024-24806)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-24806
libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- libuv-1.41.1-2.el8_10.src.rpm
MD5: d3636c389bb7e5917d6a755cf420edda
SHA-256: d84a1413782c5a8406773a955ef96e74477cbd0475a0c9b0fe51bd14964bded3
Size: 1.24 MB
Asianux Server 8 for x86_64
- libuv-1.41.1-2.el8_10.i686.rpm
MD5: 3d6fa0be7fd794ed6c81909393c60b59
SHA-256: b77ee8b913693929c35c92a500ad54e6ca5620c969ed061a436738795e367206
Size: 163.84 kB - libuv-1.41.1-2.el8_10.x86_64.rpm
MD5: e0dbf6848d2c21350866c64162364d32
SHA-256: 1c01909daa644ba081c6807889d0188bc8082999594364d1aaac166cc0959a1c
Size: 155.26 kB - libuv-devel-1.41.1-2.el8_10.i686.rpm
MD5: dc16d279a15cf9dddc10fc86f020f9c7
SHA-256: 9f34997d76ac288d6ab03576ce6a35574a084f00dbcf7649064b4b38a0bb4b13
Size: 35.90 kB - libuv-devel-1.41.1-2.el8_10.x86_64.rpm
MD5: cc93c4e5914f35cd1222588d3b3f87f6
SHA-256: 55f4d38c9c655255fa9ad3069d85e77e6f761b9c9f939f0546a48b9b4a033416
Size: 35.88 kB
English