Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2024-479.NASLHistoryJan 08, 2024 - 12:00 a.m.
Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2024-479)
2024-01-0800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
amazon linux 2023
bouncy castle
denial of service
alas2023-2024-479
vulnerability
outofmemoryerror
cve-2023-33202
pkcs8
x.509
pkcs7
openssl
pemparser
nessus
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.8
Confidence
High
EPSS
0
Percentile
15.7%
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-479 advisory.
- Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) (CVE-2023-33202)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2024-479.
##
include('compat.inc');
if (description)
{
script_id(187698);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id("CVE-2023-33202");
script_name(english:"Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2024-479)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-479 advisory.
- Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy
Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing
X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data
through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users
of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) (CVE-2023-33202)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2024-479.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-33202.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update bouncycastle --releasever 2023.3.20240108' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-33202");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/23");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bouncycastle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bouncycastle-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bouncycastle-mail");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bouncycastle-pg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bouncycastle-pkix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bouncycastle-tls");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bouncycastle-util");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'bouncycastle-1.70-4.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bouncycastle-javadoc-1.70-4.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bouncycastle-mail-1.70-4.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bouncycastle-pg-1.70-4.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bouncycastle-pkix-1.70-4.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bouncycastle-tls-1.70-4.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bouncycastle-util-1.70-4.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bouncycastle / bouncycastle-javadoc / bouncycastle-mail / etc");
}Related
cvelist
cvelist
CVE-2023-33202
2023-11-23 00:00:00
github
github
Bouncy Castle Denial of Service (DoS)
2023-11-23 18:30:33
veracode
veracode
Denial Of Service (DoS)
2023-11-27 07:58:36
debiancve
debiancve
CVE-2023-33202
2023-11-23 16:15:07
osv
osv
CGA-hq55-qp37-gwm6
2024-06-06 12:27:50
CVE-2023-33202
2023-11-23 16:15:07
Bouncy Castle Denial of Service (DoS)
2023-11-23 18:30:33
ubuntucve
ubuntucve
CVE-2023-33202
2023-11-23 00:00:00
nvd
nvd
CVE-2023-33202
2023-11-23 16:15:07
redhatcve
redhatcve
CVE-2023-33202
2023-11-23 20:49:53
ibm
ibm
prion
prion
Design/Logic Flaw
2023-11-23 16:15:00
cve
cve
CVE-2023-33202
2023-11-23 16:15:07
cgr
cgr
CVE-2023-33202 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-33202 vulnerabilities
2024-09-28 21:12:41
nessus
nessus
Oracle WebLogic Server (April 2024 CPU)
2024-04-17 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.8
Confidence
High
EPSS
0
Percentile
15.7%
Related for AL2023_ALAS2023-2024-479.NASL