CVE-2024-32874 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-32874

CVE-2024-32874

May 09, 2024

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of "secure_filename()".

Related Resources (10)

https://github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.py#L646C25-L646C47

https://github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.py#L705C42-L705C88

https://github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.py#L1346C46-L1346C55

https://github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.py#L728C38-L728C80

https://nvd.nist.gov/vuln/detail/CVE-2024-32874

https://github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.py#L684C9-L684C59

https://github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.py#L408C33-L408C78

https://github.com/blakeblackshear/frigate

https://github.com/blakeblackshear/frigate/security/advisories/GHSA-w4h6-9wrp-v5jq

https://github.com/blakeblackshear/frigate/commit/cc851555e4029647986dccc8b8ecf54afee31442

Do you need more information?