MGASA-2024-0079

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2024-24806

Published: 22 Mar 2024, 00:19

Last modified:16 Apr 2026, 04:41

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

22 Mar 2024, 00:19

Published

Vulnerability first disclosed

16 Apr 2026, 04:41

Last Modified

Vulnerability information updated

Description

Updated libuv packages fix security vulnerability It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. (CVE-2024-24806)

Affected Systems

mageia•libuv
< 1.44.2-2.1.mga9

References (5)

https://advisories.mageia.org/MGASA-2024-0079.html
https://bugs.mageia.org/show_bug.cgi?id=32822
https://www.openwall.com/lists/oss-security/2024/02/08/2
https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
https://lists.debian.org/debian-security-announce/2024/msg00044.html