CVE-2024-32874
📋 TL;DR
CVE-2024-32874 is a denial-of-service vulnerability in Frigate NVR software where attackers can crash the application by uploading files with excessively long Unicode filenames. The vulnerability affects all Frigate installations below version 0.13.2 due to improper filename length validation during Unicode normalization. This impacts any organization using vulnerable Frigate versions for IP camera monitoring and object detection.
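As an added illustration (not Frigate's code, and not the patched logic from the advisory), the following Python contrasts the weak pattern the TL;DR describes, a length check applied before Unicode normalization, with a hardened check applied to the UTF-8 byte length after normalization. The NFKC normalization form, the 200-character pre-check and the 255-byte NAME_MAX limit are assumptions for the example; U+FDFA is chosen because NFKC expands that single code point to an 18-character phrase, so a 100-character name passes the naive check and comes out 1800 characters (3300 bytes) long.

```python
"""Illustrative example (not Frigate's code): why a filename length check
must run on the UTF-8 byte length *after* Unicode normalization.

Assumptions (not from the advisory): the handler normalizes the user-supplied
name with NFKC and then uses it as a filesystem name; Linux and macOS cap a
single path component at 255 bytes (NAME_MAX).
"""
import errno
import os
import tempfile
import unicodedata
from typing import Optional

NAME_MAX = 255          # POSIX limit on one path component, in bytes
MAX_NAME_CHARS = 200    # the kind of pre-normalization limit a naive check uses


def sanitize_naive(name: str) -> str:
    """Weak pattern: length is checked in code points, before normalization.

    NFKC can expand one code point into many (U+FDFA becomes an 18-character
    phrase), so the returned string can be far longer than the check allowed.
    """
    if len(name) > MAX_NAME_CHARS:
        raise ValueError("filename too long")
    return unicodedata.normalize("NFKC", name)


def sanitize_hardened(name: str, limit: int = NAME_MAX) -> str:
    """Hardened pattern: normalize first, then check the encoded byte length,
    because the filesystem counts bytes, not characters."""
    normalized = unicodedata.normalize("NFKC", name)
    if "/" in normalized or "\x00" in normalized or normalized in ("", ".", ".."):
        raise ValueError("invalid filename")
    if len(normalized.encode("utf-8")) > limit:
        raise ValueError("filename too long after normalization")
    return normalized


def try_create(name: str) -> Optional[int]:
    """Try to create `name` in a temp dir; return the OS errno on failure
    (ENAMETOOLONG, 36 on Linux) or None on success. Demonstration only."""
    with tempfile.TemporaryDirectory() as d:
        try:
            with open(os.path.join(d, name), "wb"):
                pass
        except OSError as e:
            return e.errno
    return None


# Constructed attack input: 100 copies of U+FDFA, a single code point whose
# NFKC form is the 18-character phrase "صلى الله عليه وسلم" (33 UTF-8 bytes).
ATTACK_NAME = "\ufdfa" * 100


if __name__ == "__main__":
    weak = sanitize_naive(ATTACK_NAME)
    print(len(ATTACK_NAME), "code points in;", len(weak), "out;",
          len(weak.encode("utf-8")), "bytes")
    print("create with naive output ->", errno.errorcode.get(try_create(weak) or 0))
    try:
        sanitize_hardened(ATTACK_NAME)
    except ValueError as e:
        print("hardened check rejected it:", e)
```

The point to take from the hardened version is the ordering: any limit enforced on the raw input can be defeated by characters that grow under normalization, so the check belongs on the exact bytes that reach the filesystem call.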
💻 Affected Systems
- Frigate NVR
⚠️ Manual Verification Required
This CVE has no structured version range in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The database entry carries no machine-readable version ranges from the vendor or NVD. The vendor advisory linked under Fix & Mitigation names 0.13.2 as the patched release, so run the manual checks below against that version.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete application crash leading to loss of video monitoring, object detection, and recording capabilities until service restart.
Likely Case
Temporary service disruption requiring manual intervention to restart the Frigate application.
If Mitigated
No impact if filename length limits are enforced or patched version is used.
🎯 Exploit Status
Exploitation requires only HTTP access to the Frigate web interface and a crafted request carrying an overlong Unicode filename; a single such request is enough to crash the service. No authentication is needed if the interface is reachable by the attacker.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.13.2 and later
Vendor Advisory: https://github.com/blakeblackshear/frigate/security/advisories/GHSA-w4h6-9wrp-v5jq
Restart Required: Yes
Instructions:
1. Update Frigate to version 0.13.2 or later using your deployment method (Docker image tag, manual install).
2. Restart the Frigate service.
3. Verify the update by checking the version in the web interface or logs.
🔧 Temporary Workarounds
Restrict file upload access
Limit access to Frigate's web interface to trusted users (for example behind an authenticating reverse proxy or a VPN) and block access from the internet.
Implement web application firewall rules
Add WAF or reverse-proxy rules that reject requests whose path segments or query parameters exceed a sane filename length (the filesystem limit is 255 bytes per path component), measured after percent-decoding. Filenames carried in a request body are invisible to rules that inspect only the URL, so use body inspection where the WAF supports it.
🧯 If You Can't Patch
- Isolate Frigate instance on internal network with no internet exposure
- Implement rate limiting on upload endpoints; this cannot stop a single crashing request, but it limits how quickly an attacker can repeat the outage
🔍 How to Verify
Check if Vulnerable:
Read the version from the web interface or query the version endpoint on the Frigate API port (5000 by default): curl -s http://<frigate-host>:5000/api/version
Check Version:
docker exec frigate python3 -c "from frigate.version import VERSION; print(VERSION)"
(This assumes the official container image layout; docker inspect --format '{{.Config.Image}}' frigate shows which image tag is running.)
Verify Fix Applied:
Confirm the reported version is 0.13.2 or higher, then test that uploads with normal filenames still work correctly.
📡 Detection & Monitoring
Log Indicators:
- Application crash logs
- High CPU usage spikes followed by service termination
- Error messages related to filename processing or Unicode normalization, including an OSError reporting "File name too long" (the ENAMETOOLONG message on Linux)
Network Indicators:
- HTTP POST requests to upload endpoints with unusually long filenames
- Multiple rapid file upload attempts
SIEM Query:
source="frigate.logs" AND ("crash" OR "terminated" OR "Unicode" OR ("filename" AND "too long") OR "File name too long")
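To make the network indicators above actionable, here is an added detection example (not from the advisory or the Frigate project) that scans reverse-proxy access-log lines for requests whose percent-decoded, NFKC-normalized path segments or query values exceed NAME_MAX (255 bytes). It goes slightly beyond the indicator list by normalizing before measuring, so an encoded name that is short on the wire but expands under normalization is still flagged. The log format, client addresses and request paths (including the /upload endpoint) are constructed; Frigate's real endpoints are not documented on this page.

```python
"""Added detection example (not from the advisory or Frigate itself): flag
access-log lines whose request target carries a filename-sized token that a
filesystem would reject. Log lines and endpoint paths below are constructed.
"""
import re
import unicodedata
from typing import List, Tuple
from urllib.parse import parse_qsl, unquote, urlsplit

NAME_MAX = 255  # POSIX limit for one path component, in bytes

# Combined-log-format style line: client - - [time] "METHOD target HTTP/x" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def longest_token_bytes(target: str) -> int:
    """UTF-8 byte length of the longest path segment or query value after
    percent-decoding and NFKC normalization, i.e. what a normalizing handler
    would actually hand to the filesystem."""
    parts = urlsplit(target)
    tokens = [unquote(seg) for seg in parts.path.split("/") if seg]
    tokens += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return max(
        (len(unicodedata.normalize("NFKC", t).encode("utf-8")) for t in tokens),
        default=0,
    )


def flag_suspicious(lines: List[str], limit: int = NAME_MAX) -> List[Tuple[str, str, int, str]]:
    """Return (client, method, longest_token_bytes, status) for each request
    whose longest decoded token exceeds `limit` bytes."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        n = longest_token_bytes(m["target"])
        if n > limit:
            hits.append((m["ip"], m["method"], n, m["status"]))
    return hits


# U+FDFA percent-encoded (EF B7 BA). 40 copies are only 120 raw bytes, so a
# length check that runs before normalization lets them through; NFKC expands
# each one to an 18-character, 33-byte phrase.
LONG_UNICODE_NAME = "%EF%B7%BA" * 40 + ".mp4"

# Constructed sample log (hypothetical /upload endpoint, RFC 5737 addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2024:10:00:00 +0000] "GET /api/events HTTP/1.1" 200',
    '203.0.113.7 - - [10/May/2024:10:00:01 +0000] "POST /upload?name=' + LONG_UNICODE_NAME + ' HTTP/1.1" 500',
    '192.0.2.10 - - [10/May/2024:10:00:02 +0000] "GET /api/events/1715335200.123-abcdef/thumbnail.jpg HTTP/1.1" 200',
    '198.51.100.4 - - [10/May/2024:10:00:03 +0000] "POST /upload/' + "A" * 300 + '.jpg HTTP/1.1" 500',
]

if __name__ == "__main__":
    for client, method, nbytes, status in flag_suspicious(SAMPLE_LOG):
        print(f"{client} {method} longest token {nbytes} bytes (status {status})")
```

Pair this with the application-side log indicators: a flagged request followed within seconds by a crash or "File name too long" message in Frigate's own logs is a strong signal. A filename delivered in a multipart or JSON body never appears in the proxy's request line, so this check complements, rather than replaces, body inspection at the WAF.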
🔗 References
- https://github.com/blakeblackshear/frigate/commit/cc851555e4029647986dccc8b8ecf54afee31442
- https://github.com/blakeblackshear/frigate/security/advisories/GHSA-w4h6-9wrp-v5jq