#VU86707 Server-Side Request Forgery (SSRF) in libuv


Published: 2024-02-22 | Updated: 2024-02-22

Vulnerability identifier: #VU86707

Vulnerability risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24806

CWE-ID: CWE-918

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libuv
Other software / Other software solutions

Vendor: libuv.org

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when handling hostnames longer than 256 characters in the uv_getaddrinfo() function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c. A hostname that does not fit the internal 256-byte buffer is silently truncated (and left without a terminating null byte) before it is passed to the system resolver, so the name that is actually resolved is not the name the application validated. A remote attacker can pass a specially crafted hostname that passes application-level checks as an ordinary domain name but, once truncated, is accepted by getaddrinfo() as a numeric literal (for example a hex-encoded IPv4 address), causing the application to connect to an attacker-chosen IP address and send unauthorized requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.
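To make the truncation concrete, the following is a small self-contained C model, added to this advisory and not libuv's own code, of how an over-long hostname can pass a naive application-side SSRF guard and still be resolved to loopback once the resolver truncates it. The helper functions, the ".attacker.example" suffix and the guard logic are assumptions made for illustration; only the 256-character truncation and the hex IPv4 literal come from the advisory. The model NUL-terminates its buffer so it stays memory-safe, which the vulnerable libuv code did not do. It relies on inet_aton() accepting "0x..." hex literals, as glibc and musl do.

```c
/* Model of the CVE-2024-24806 truncation bug and of the corrected behaviour.
 * Added example for this advisory; not libuv code. Linux/glibc or musl. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define HOSTNAME_MAX 255   /* RFC 1035 upper bound on a hostname */
#define TRUNC_LEN    256   /* size of the resolver's fixed hostname buffer (as in libuv) */

/* Constructed attacker input: a 256-character hex IPv4 literal ("0x" + 246
 * zeros + "7f000001" == 127.0.0.1) followed by a DNS-looking suffix so the
 * whole string no longer parses as an IP address. The suffix is arbitrary. */
static void make_crafted_hostname(char *out, size_t outsz) {
    const char *suffix = ".attacker.example";   /* assumption: any suffix works */
    size_t i = 0;
    if (outsz < TRUNC_LEN + strlen(suffix) + 1) { if (outsz) out[0] = '\0'; return; }
    out[i++] = '0'; out[i++] = 'x';
    while (i < TRUNC_LEN - 8) out[i++] = '0';
    memcpy(out + i, "7f000001", 8); i += 8;
    snprintf(out + i, outsz - i, "%s", suffix);
}

/* Naive application-side SSRF guard (hypothetical): treat the target as an IP
 * literal only if inet_aton() parses the whole string, and block 127.0.0.0/8.
 * The suffix makes inet_aton() fail, so the crafted name is waved through. */
static int app_allows(const char *host) {
    struct in_addr a;
    if (inet_aton(host, &a) == 1)
        return (ntohl(a.s_addr) >> 24) != 127;
    return 1;   /* "looks like a DNS name", allowed */
}

/* Vulnerable resolver model: silently truncate to 256 characters, then resolve.
 * Returns 1 and fills *out if the truncated text is an IPv4 literal. */
static int resolve_truncating(const char *host, struct in_addr *out) {
    char buf[TRUNC_LEN + 1];          /* +1 only so this model can NUL-terminate */
    size_t n = strlen(host);
    if (n > TRUNC_LEN) n = TRUNC_LEN; /* the bug: the tail of the name is dropped */
    memcpy(buf, host, n);
    buf[n] = '\0';
    return inet_aton(buf, out) == 1;
}

/* Corrected resolver model: an over-long hostname is an error, never truncated.
 * Returns -1 for a rejected name, 1 for an IPv4 literal, 0 otherwise. */
static int resolve_checked(const char *host, struct in_addr *out) {
    if (strlen(host) > HOSTNAME_MAX) return -1;
    return inet_aton(host, out) == 1;
}

/* Dotted-quad string the vulnerable path would connect to, or NULL. */
static const char *vulnerable_target(const char *host) {
    struct in_addr a;
    if (!resolve_truncating(host, &a)) return NULL;
    return inet_ntoa(a);
}

int main(void) {
    char host[512];
    struct in_addr a;
    make_crafted_hostname(host, sizeof host);
    printf("hostname length: %zu\n", strlen(host));
    printf("application guard: %s\n", app_allows(host) ? "allowed" : "blocked");
    const char *t = vulnerable_target(host);
    printf("truncating resolver connects to: %s\n", t ? t : "(no address)");
    printf("checked resolver result: %d (-1 means rejected)\n", resolve_checked(host, &a));
    return 0;
}
```

The guard passes the 273-character name because the trailing ".attacker.example" stops it from parsing as an address, yet the truncating resolver sees only the first 256 characters, a valid hex literal for 127.0.0.1. The checked variant mirrors the intent of the fix: a hostname that does not fit is rejected with an error instead of being shortened. Applications that must defend in depth should additionally resolve the hostname themselves and compare the resulting addresses, not the string, against their allow or deny list.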

Mitigation
Install updates from the vendor's website. The issue is fixed in libuv 1.48.0.

Vulnerable software versions

libuv: 1.24.0 - 1.47.0


External links
http://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
http://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629
http://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70
http://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488
http://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39
http://www.openwall.com/lists/oss-security/2024/02/08/2
http://www.openwall.com/lists/oss-security/2024/02/11/1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

