Report of fixed CVE-2024-24806 in libuv
Summary
A security vulnerability identified as CVE-2024-24806 was discovered and fixed in libuv. However, related files aren't fixed in the CMake project.
Fix Details
The vulnerability was fixed in libuv in the following commit/version:
- Project: libuv https://github.com/libuv/libuv
- Commit1/Commit2/Version: 0f2d7e7, 3530bcc, v1.48.0
Similar Bug in CMake
The identical uv__idna_toascii function where the fix is applied (src/idna.c file) is used in the CMake project as well (Utilities/cmlibuv/src/idna.c), but the fix is not applied there.
References
- Links to CVE details
- Links to the fix in libuv
Report Origin
The bug is reported by a tool developed at CAST.
Edited by Mariam Arutunian
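An added example, not part of the original report and not the CAST tool: one way to check whether a vendored copy of a function such as uv__idna_toascii matches the upstream version from before or after a fix, by fingerprinting the function body. The C snippets are constructed stand-ins, not libuv or CMake code, and extract_function, fingerprint and classify are hypothetical helper names.

```python
import hashlib
import re
from typing import Optional

def extract_function(source: str, name: str) -> Optional[str]:
    """Return the C definition of `name`, from its name through the matching '}'.
    Simplification: braces inside string/char literals are not handled."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\([^;{]*\)\s*\{", source)
    if m is None:
        return None
    depth = 0
    for i in range(m.end() - 1, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[m.start():i + 1]
    return None  # unbalanced braces: treat as not found

def fingerprint(func_text: str) -> str:
    """SHA-256 of the function with comments and all whitespace stripped."""
    code = re.sub(r"/\*.*?\*/|//[^\n]*", "", func_text, flags=re.S)
    return hashlib.sha256(re.sub(r"\s+", "", code).encode()).hexdigest()

def classify(vendored: str, pre_fix: str, fixed: str, name: str) -> str:
    """Compare the vendored copy of `name` with upstream before and after the fix.
    Both upstream sources are expected to contain the function."""
    body = extract_function(vendored, name)
    if body is None:
        return "missing"
    fp = fingerprint(body)
    if fp == fingerprint(extract_function(fixed, name)):
        return "fixed"
    if fp == fingerprint(extract_function(pre_fix, name)):
        return "unpatched"
    return "diverged"  # locally modified: needs manual review

# Constructed stand-ins, NOT the real libuv or CMake sources.
SIG = "int uv__idna_toascii(const char* s, const char* se, char* d, char* de)"
PRE_FIX = SIG + " {\n  return toy_convert(s, se, d, de);\n}\n"
FIXED = SIG + " {\n  if (!toy_check(d, de)) return -1;\n  return toy_convert(s, se, d, de);\n}\n"
# Vendored copy: same logic as PRE_FIX, different formatting and a comment.
VENDORED = SIG + "\n{\n    /* vendored */\n    return toy_convert(s, se, d, de);\n}\n"

if __name__ == "__main__":
    print(classify(VENDORED, PRE_FIX, FIXED, "uv__idna_toascii"))
```

In practice the three inputs would be the contents of Utilities/cmlibuv/src/idna.c and of libuv's src/idna.c before the fix and at v1.48.0. A "diverged" result means the vendored copy was modified locally and has to be reviewed by hand.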