{"id":"CVE-2024-42381","details":"os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which occurs before a user would expect execution of downloaded package content. (237d1e783f7ee261beaba7d3f6bde22da7148b0a was the tested vulnerable version.)","modified":"2026-03-20T12:38:00.394083Z","published":"2024-07-31T06:15:02.130Z","references":[{"type":"WEB","url":"https://github.com/trailofbits/publications/blob/master/reviews/2023-08-28-homebrew-securityreview.pdf"},{"type":"WEB","url":"https://brew.sh/2024/07/30/homebrew-security-audit/"},{"type":"WEB","url":"https://github.com/Homebrew/brew/releases/tag/4.2.20"},{"type":"WEB","url":"https://github.com/Homebrew/brew/tree/237d1e783f7ee261beaba7d3f6bde22da7148b0a"},{"type":"FIX","url":"https://github.com/Homebrew/brew/commit/916b37388d3851a8a93a8e9b4adc38873680ead7"},{"type":"FIX","url":"https://github.com/Homebrew/brew/pull/17136"},{"type":"ARTICLE","url":"https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Homebrew/brew","events":[{"introduced":"0"},{"fixed":"c2ed3327c605c3e738359c9807b8f4cd6fec09eb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.2.20"}]}},{"type":"GIT","repo":"https://github.com/homebrew/brew","events":[{"introduced":"0"},{"fixed":"916b37388d3851a8a93a8e9b4adc38873680ead7"},{"fixed":"c2ed3327c605c3e738359c9807b8f4cd6fec09eb"}]}],"versions":["0.1","0.2","0.3","0.4","0.5","0.6","0.7","0.7.1","0.8","0.8.1","0.9","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.8","0.9.9","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.10","1.1.11","1.1.12","1.1.13","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","1.5.1","1.5.10","1.5.11","1.5.12","1.5.13","1.5.14","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9","1.6.0","1.6.1","1.6.10","1.6.11","1.6.12","1.6.13","1.6.14","1.6.15","1.6.16","1.6.17","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.9.0","1.9.1","1.9.2","1.9.3","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.1.0","2.1.1","2.1.10","2.1.11","2.1.12","2.1.13","2.1.14","2.1.15","2.1.16","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9","2.2.0","2.2.1","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.3.0","2.4.0","2.4.1","2.4.10","2.4.11","2.4.12","2.4.13","2.4.14","2.4.15","2.4.16","2.4.2","2.4.3","2.4.4","2.4.5","2.4.6","2.4.7","2.4.8","2.4.9","2.5.0","2.5.1","2.5.10","2.5.11","2.5.12","2.5.2","2.5.3","2.5.4","2.5.5","2.5.6","2.5.7","2.5.8","2.5.9","2.6.0","2.6.1","2.6.2","2.7.0","2.7.1","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","3.0.0","3.0.1","3.0.10","3.0.11","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.1.0","3.1.1","3.1.10","3.1.11","3.1.12","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.2.0","3.2.1","3.2.10","3.2.11","3.2.12","3.2.13","3.2.14","3.2.15","3.2.16","3.2.17","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","3.3.0","3.3.1","3.3.10","3.3.11","3.3.12","3.3.13","3.3.14","3.3.15","3.3.16","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.3.7","3.3.8","3.3.9","3.4.0","3.4.1","3.4.10","3.4.11","3.4.2","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.5.0","3.5.1","3.5.10","3.5.2","3.5.3","3.5.4","3.5.5","3.5.6","3.5.7","3.5.8","3.5.9","3.6.0","3.6.1","3.6.10","3.6.11","3.6.12","3.6.13","3.6.14","3.6.15","3.6.16","3.6.17","3.6.18","3.6.19","3.6.2","3.6.20","3.6.21","3.6.3","3.6.4","3.6.5","3.6.6","3.6.7","3.6.8","3.6.9","4.0.0","4.0.1","4.0.10","4.0.11","4.0.12","4.0.13","4.0.14","4.0.15","4.0.16","4.0.17","4.0.18","4.0.19","4.0.2","4.0.20","4.0.21","4.0.22","4.0.23","4.0.24","4.0.25","4.0.26","4.0.27","4.0.28","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.1.0","4.1.1","4.1.10","4.1.11","4.1.12","4.1.13","4.1.14","4.1.15","4.1.16","4.1.17","4.1.18","4.1.19","4.1.2","4.1.20","4.1.21","4.1.22","4.1.23","4.1.24","4.1.25","4.1.3","4.1.4","4.1.5","4.1.6","4.1.7","4.1.8","4.2.0","4.2.1","4.2.10","4.2.11","4.2.12","4.2.13","4.2.15","4.2.16","4.2.17","4.2.18","4.2.19","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42381.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}