os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to…
mitre·CWE-830·Published 2024-07-31
os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)
os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)
os/linux/elf.rb en Homebrew Brew anterior a 4.2.20 usa ldd para cargar archivos ELF obtenidos de fuentes no confiables, lo que permite a los atacantes lograr la ejecución de código a través de un archivo ELF con una sección .interp personalizada. NOTA: la ejecución de este código ocurriría durante una fase de reubicación binaria sin espacio aislado, que ocurre antes de que un usuario espere la ejecución del contenido del paquete descargado. (237d1e783f7ee261beaba7d3f6bde22da7148b0a fue la versión vulnerable probada).
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 8.3 | — | — | CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R |
| 3.1 | Primary | cve.org | 8.3 | — | — | CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R |
| 3.1 | Secondary | NVD | 8.3 | 1.6 | 6.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |