Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Homebrew 安全漏洞
Vulnerability Description
Homebrew是Homebrew开源的一个包管理器。 Homebrew 4.2.20之前版本存在安全漏洞,该漏洞源于 os/linux/elf.rb 使用 ldd 加载从不受信任的来源获得的 ELF 文件。攻击者可以通过带有自定义 .interp 部分的 ELF 文件实现代码执行。
CVSS Information
N/A
Vulnerability Type
N/A