Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2024-629.NASL
HistoryMay 28, 2024 - 12:00 a.m.

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)

2024-05-2800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
http/2 endpoint vulnerability
http redirect vulnerability
multipart form vulnerability
certificate chain verification vulnerability
parseaddresslist vulnerability
marshaljson vulnerability

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.3%

JSON

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory.

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive     number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and     CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is     allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an     HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to     be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the     receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header     frames we will process before closing a connection. (CVE-2023-45288)

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial     domain, an http.Client does not forward sensitive headers such as Authorization or Cookie. For     example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to     bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly     forwarded. (CVE-2023-45289)

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with     Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed     form were not applied to the memory consumed while reading a single form line. This permits a maliciously     crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory,     potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits     the maximum size of form lines. (CVE-2023-45290)

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause     Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth     to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not     verify client certificates. (CVE-2024-24783)

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names.
Since this is a misalignment with conforming address parsers, it can result in different trust decisions     being made by programs using different parsers. (CVE-2024-24784)

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the     contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject     unexpected content into templates. (CVE-2024-24785)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2024-629.
##

include('compat.inc');

if (description)
{
  script_id(197969);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/29");

  script_cve_id(
    "CVE-2023-45288",
    "CVE-2023-45289",
    "CVE-2023-45290",
    "CVE-2024-24783",
    "CVE-2024-24784",
    "CVE-2024-24785"
  );
  script_xref(name:"IAVB", value:"2024-B-0020-S");
  script_xref(name:"IAVB", value:"2024-B-0032-S");

  script_name(english:"Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory.

    An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive
    number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and
    CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is
    allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an
    HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to
    be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the
    receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header
    frames we will process before closing a connection. (CVE-2023-45288)

    When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial
    domain, an http.Client does not forward sensitive headers such as Authorization or Cookie. For
    example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to
    bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly
    forwarded. (CVE-2023-45289)

    When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with
    Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed
    form were not applied to the memory consumed while reading a single form line. This permits a maliciously
    crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory,
    potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits
    the maximum size of form lines. (CVE-2023-45290)

    Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause
    Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth
    to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not
    verify client certificates. (CVE-2024-24783)

    The ParseAddressList function incorrectly handles comments (text within parentheses) within display names.
    Since this is a misalignment with conforming address parsers, it can result in different trust decisions
    being made by programs using different parsers. (CVE-2024-24784)

    If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the
    contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject
    unexpected content into templates. (CVE-2024-24785)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2024-629.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-45288.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-45289.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-45290.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-24783.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-24784.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2024-24785.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update golang --releasever 2023.4.20240528' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-24785");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-misc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-shared");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-tests");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'golang-1.22.3-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-1.22.3-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-bin-1.22.3-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-bin-1.22.3-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-docs-1.22.3-1.amzn2023.0.1', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-misc-1.22.3-1.amzn2023.0.1', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-shared-1.22.3-1.amzn2023.0.1', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-shared-1.22.3-1.amzn2023.0.1', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-src-1.22.3-1.amzn2023.0.1', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-tests-1.22.3-1.amzn2023.0.1', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "golang / golang-bin / golang-docs / etc");
}
VendorProductVersionCPE
amazonlinuxgolang-binp-cpe:/a:amazon:linux:golang-bin
amazonlinuxgolang-srcp-cpe:/a:amazon:linux:golang-src
amazonlinuxgolang-testsp-cpe:/a:amazon:linux:golang-tests
amazonlinuxgolangp-cpe:/a:amazon:linux:golang
amazonlinuxgolang-sharedp-cpe:/a:amazon:linux:golang-shared
amazonlinuxgolang-docsp-cpe:/a:amazon:linux:golang-docs
amazonlinuxgolang-miscp-cpe:/a:amazon:linux:golang-misc
amazonlinux2023cpe:/o:amazon:linux:2023

Related

redhat 16
nessus 41
rocky 6
osv 24
amazon 2
oraclelinux 7
almalinux 8
openvas 6
freebsd 2
redos 1
cvelist 5
cve 5
nvd 6
veracode 5
prion 5
debiancve 5
redhatcve 6
cbl_mariner 22
ubuntucve 6
alpinelinux 6
cgr 5
ibm 3
wolfi 5
mageia 1
github 1
redhat
redhat
(RHSA-2024:3259) Important: go-toolset:rhel8 security update
2024-05-22 10:41:22
(RHSA-2024:2562) Important: golang security update
2024-04-30 11:38:52
(RHSA-2024:3346) Important: git-lfs security update
2024-05-23 14:21:44
nessus
nessus
Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-3259)
2024-06-01 00:00:00
Amazon Linux 2 : golang (ALAS-2024-2554)
2024-05-31 00:00:00
RHEL 8 : Release of openshift-serverless-clients kn 1.33.0 security update & s (Important) (RHSA-2024:4023)
2024-06-20 00:00:00
rocky
rocky
go-toolset:rhel8 security update
2024-06-14 13:59:30
golang security update
2024-05-10 14:32:42
git-lfs security update
2024-05-10 14:32:42
osv
osv
Important: go-toolset:rhel8 security update
2024-06-14 13:59:30
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Important: golang security update
2024-05-10 14:32:42
amazon
amazon
Medium: golang
2024-05-23 22:04:00
Medium: cni-plugins
2024-05-23 22:04:00
oraclelinux
oraclelinux
go-toolset:ol8 security update
2024-05-29 00:00:00
golang security update
2024-05-07 00:00:00
git-lfs security update
2024-05-29 00:00:00
almalinux
almalinux
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Important: golang security update
2024-04-30 00:00:00
Important: git-lfs security update
2024-05-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0811-1)
2024-03-11 00:00:00
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
2024-03-25 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1589)
2024-05-10 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
forgejo -- HTTP/2 CONTINUATION flood in net/http
2024-04-04 00:00:00
redos
redos
ROS-20240422-05
2024-04-22 00:00:00
cvelist
cvelist
CVE-2024-24784 Comments in display names are incorrectly handled in net/mail
2024-03-05 22:22:32
CVE-2024-24783 Verify panics on certificates with an unknown public key algorithm in crypto/x509
2024-03-05 22:22:26
CVE-2023-45290 Memory exhaustion in multipart form parsing in net/textproto and net/http
2024-03-05 22:22:28
cve
cve
CVE-2024-24784
2024-03-05 23:15:07
CVE-2024-24783
2024-03-05 23:15:07
CVE-2023-45289
2024-03-05 23:15:07
nvd
nvd
CVE-2024-24784
2024-03-05 23:15:07
CVE-2024-24783
2024-03-05 23:15:07
CVE-2023-45289
2024-03-05 23:15:07
veracode
veracode
Interpretation Differences
2024-03-17 17:30:16
Sensitive Information Disclosure
2024-03-17 17:29:23
Denial Of Service
2024-03-17 17:31:04
prion
prion
Design/Logic Flaw
2024-03-05 23:15:00
Design/Logic Flaw
2024-03-05 23:15:00
Authorization
2024-03-05 23:15:00
debiancve
debiancve
CVE-2024-24784
2024-03-05 23:15:07
CVE-2024-24783
2024-03-05 23:15:07
CVE-2024-24785
2024-03-05 23:15:07
redhatcve
redhatcve
CVE-2024-24783
2024-03-06 03:33:39
CVE-2024-24784
2024-03-06 03:33:31
CVE-2023-45290
2024-03-06 03:33:25
cbl_mariner
cbl_mariner
CVE-2024-24783 affecting package golang for versions less than 1.21.6-1
2024-06-25 03:09:54
CVE-2024-24784 affecting package golang for versions less than 1.21.6-1
2024-06-25 03:09:54
CVE-2023-45289 affecting package golang for versions less than 1.21.6-1
2024-06-25 03:09:54
ubuntucve
ubuntucve
CVE-2024-24784
2024-03-05 00:00:00
CVE-2024-24783
2024-03-05 00:00:00
CVE-2023-45289
2024-03-05 00:00:00
alpinelinux
alpinelinux
CVE-2024-24784
2024-03-05 23:15:07
CVE-2024-24785
2024-03-05 23:15:07
CVE-2024-24783
2024-03-05 23:15:07
cgr
cgr
CVE-2024-24784 vulnerabilities
2024-05-19 03:07:16
CVE-2024-24785 vulnerabilities
2024-05-19 03:07:16
CVE-2024-24783 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operator, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-24783]
2024-06-05 15:07:56
Security Bulletin: IBM App Connect Enterprise Certified Container operator, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2023-45290]
2024-06-05 15:06:31
Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Golang Go's net/http and x/net/http2.
2024-05-11 16:53:43
wolfi
wolfi
CVE-2023-45289 vulnerabilities
2024-06-25 03:08:26
CVE-2024-24783 vulnerabilities
2024-06-25 03:08:26
CVE-2024-24784 vulnerabilities
2024-06-25 03:08:26
mageia
mageia
Updated golang packages fix security vulnerability
2024-04-13 19:56:38
github
github
net/http, x/net/http2: close connections when receiving too many headers
2024-04-04 21:30:32

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.3%

JSON
Related for AL2023_ALAS2023-2024-629.NASL
redhat16nessus41rocky6osv24amazon2oraclelinux7almalinux8openvas6freebsd2redos1cvelist5cve5nvd6veracode5prion5debiancve5redhatcve6cbl_mariner22ubuntucve6alpinelinux6cgr5ibm3wolfi5mageia1github1