PT-2024-29909 · Homebrew · Homebrew
Published: 2024-07-31 · Updated: 2024-08-12 · CVE-2024-42381
CVSS v3.1: 8.3 (High)
Vector: AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R
Name of the Vulnerable Software and Affected Versions
Homebrew versions prior to 4.2.20
Description
The issue allows attackers to achieve code execution via an ELF file with a custom .interp section. This occurs during an un-sandboxed binary relocation phase, before a user would expect execution of downloaded package content.
Recommendations
Upgrade Homebrew to version 4.2.20 or later to mitigate the risk of exploitation. As a temporary workaround, consider avoiding the use of os/linux/elf.rb in Homebrew brew until a patch is applied. Restrict access to untrusted ELF files to minimize the risk of exploitation.
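As an added example (not Homebrew's code and not its fix), the following Ruby sketch reads the interpreter path an ELF file requests through its PT_INTERP program header, without executing the file, and compares it with an allowlist. The function names, the allowlist entries and the sample ELF bytes are assumptions constructed for illustration.

```ruby
# Added example: read PT_INTERP from an ELF image and compare it with an allowlist.
PT_INTERP = 3
# Assumption: loaders considered acceptable on this host; adjust per distro and prefix.
ALLOWED_INTERPRETERS = %w[
  /lib64/ld-linux-x86-64.so.2
  /lib/ld-linux-aarch64.so.1
].freeze

# Returns the interpreter path named by PT_INTERP, or nil if the ELF has none.
# Raises ArgumentError on non-ELF or truncated input.
def elf_interpreter(data)
  data = data.b
  raise ArgumentError, "not an ELF file" unless data.start_with?("\x7FELF".b)
  is64 = { 1 => false, 2 => true }.fetch(data.getbyte(4)) { raise ArgumentError, "bad EI_CLASS" }
  e = { 1 => "<", 2 => ">" }.fetch(data.getbyte(5)) { raise ArgumentError, "bad EI_DATA" }
  read = lambda do |off, fmt, len|
    raise ArgumentError, "truncated ELF" if off + len > data.bytesize
    data.byteslice(off, len).unpack1(fmt + e)
  end
  word = is64 ? ["Q", 8] : ["L", 4]
  phoff = read.(is64 ? 32 : 28, *word)          # e_phoff
  phentsize = read.(is64 ? 54 : 42, "S", 2)     # e_phentsize
  phnum = read.(is64 ? 56 : 44, "S", 2)         # e_phnum
  phnum.times do |i|
    ph = phoff + i * phentsize
    next unless read.(ph, "L", 4) == PT_INTERP
    offset = read.(ph + (is64 ? 8 : 4), *word)  # p_offset
    filesz = read.(ph + (is64 ? 32 : 16), *word) # p_filesz
    raise ArgumentError, "PT_INTERP outside file" if offset + filesz > data.bytesize
    return data.byteslice(offset, filesz).delete_suffix("\0")
  end
  nil
end

# true when the ELF either has no interpreter or names an allowlisted one.
def interpreter_allowed?(data, allowed = ALLOWED_INTERPRETERS)
  interp = elf_interpreter(data)
  interp.nil? || allowed.include?(interp)
end

# Constructed sample: header-only ELF64 little-endian image with one PT_INTERP entry.
def sample_elf64(interp)
  path = interp.b + "\0".b
  ehdr = "\x7FELF\x02\x01\x01".b.ljust(16, "\0") +
         [3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0].pack("S<S<L<Q<Q<Q<L<S<S<S<S<S<S<")
  phdr = [PT_INTERP, 4, 120, 0, 0, path.bytesize, path.bytesize, 1].pack("L<L<Q<Q<Q<Q<Q<Q<")
  ehdr + phdr + path
end
```

For a file on disk, pass `File.binread(path)` to `interpreter_allowed?`; a `false` result means the file names a loader outside the allowlist and deserves review before any tool processes it.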
Weakness Enumeration
Related Identifiers
Affected Products
Homebrew