jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fd42fc96e3
cvrf2cusa/cvrf/2024/cvrf-openEuler-SA-2024-1200.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

167 lines
17 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for libuv is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2024-1200</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2024-02-23</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2024-02-23</InitialReleaseDate>
<CurrentReleaseDate>2024-02-23</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2024-02-23</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">libuv security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for libuv is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but its also used by Luvit, Julia, pyuv, and others.
Security Fix(es):
libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2024-24806)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for libuv is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Critical</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">libuv</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1200</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-24806</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2024-24806</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">openEuler-20.03-LTS-SP4</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">openEuler-22.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">openEuler-22.03-LTS-SP2</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">openEuler-22.03-LTS-SP3</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="libuv-debuginfo-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-debuginfo-1.42.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-devel-1.42.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-1.42.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-debugsource-1.42.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-debugsource-1.42.0-2.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-devel-1.42.0-2.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-1.42.0-2.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-debuginfo-1.42.0-2.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-debuginfo-1.42.0-6.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-devel-1.42.0-6.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-1.42.0-6.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-debugsource-1.42.0-6.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-1.42.0-8.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-debuginfo-1.42.0-8.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-debugsource-1.42.0-8.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-devel-1.42.0-8.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-debuginfo-1.42.0-8.oe2203sp2.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-devel-1.42.0-8.oe2203sp2.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-debugsource-1.42.0-8.oe2203sp2.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-1.42.0-8.oe2203sp2.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-devel-1.42.0-8.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-debugsource-1.42.0-8.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-debuginfo-1.42.0-8.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-1.42.0-8.oe2203sp3.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="libuv-help-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-help-1.42.0-2.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="libuv-help-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-help-1.42.0-2.oe2003sp4.noarch.rpm</FullProductName>
<FullProductName ProductID="libuv-help-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-help-1.42.0-6.oe2203.noarch.rpm</FullProductName>
<FullProductName ProductID="libuv-help-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-help-1.42.0-8.oe2203sp1.noarch.rpm</FullProductName>
<FullProductName ProductID="libuv-help-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-help-1.42.0-8.oe2203sp2.noarch.rpm</FullProductName>
<FullProductName ProductID="libuv-help-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-help-1.42.0-8.oe2203sp3.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="libuv-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-1.42.0-2.oe1.src.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-1.42.0-2.oe2003sp4.src.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-1.42.0-6.oe2203.src.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-1.42.0-8.oe2203sp1.src.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-1.42.0-8.oe2203sp2.src.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-1.42.0-8.oe2203sp3.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="libuv-debugsource-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-debugsource-1.42.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-devel-1.42.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-debuginfo-1.42.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libuv-1.42.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-debugsource-1.42.0-2.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-1.42.0-2.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-debuginfo-1.42.0-2.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">libuv-devel-1.42.0-2.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-debuginfo-1.42.0-6.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-debugsource-1.42.0-6.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-devel-1.42.0-6.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-6" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">libuv-1.42.0-6.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-devel-1.42.0-8.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-1.42.0-8.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-debuginfo-1.42.0-8.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">libuv-debugsource-1.42.0-8.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-debugsource-1.42.0-8.oe2203sp2.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-devel-1.42.0-8.oe2203sp2.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-1.42.0-8.oe2203sp2.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">libuv-debuginfo-1.42.0-8.oe2203sp2.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debuginfo-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-debuginfo-1.42.0-8.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-debugsource-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-debugsource-1.42.0-8.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-1.42.0-8.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="libuv-devel-1.42.0-8" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">libuv-devel-1.42.0-8.oe2203sp3.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.</Note>
</Notes>
<ReleaseDate>2024-02-23</ReleaseDate>
<CVE>CVE-2024-24806</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP4</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
<ProductID>openEuler-22.03-LTS-SP3</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Critical</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>9.8</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>libuv security update</Description>
<DATE>2024-02-23</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1200</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink