CVE-2024-32874

Advisory

Frigate is a network video recorder (NVR) with real-time local object detection for IP cameras. In affected versions, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to an application-level denial of service. This is due to no limitation set on the length of the filename and the costly use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/blakeblackshear/frigate/commit/cc851555e4029647986dccc8b8ecf54afee31442
• https://github.com/advisories/GHSA-w4h6-9wrp-v5jq
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32874