#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2026-1853.
##
include('compat.inc');
if (description)
{
script_id(322070);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/22");
script_cve_id(
"CVE-2026-7383",
"CVE-2026-9076",
"CVE-2026-34180",
"CVE-2026-34181",
"CVE-2026-34182",
"CVE-2026-34183",
"CVE-2026-42764",
"CVE-2026-42766",
"CVE-2026-42767",
"CVE-2026-42768",
"CVE-2026-42769",
"CVE-2026-42770",
"CVE-2026-45445",
"CVE-2026-45446",
"CVE-2026-45447"
);
script_xref(name:"IAVA", value:"2026-A-0589");
script_name(english:"Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1853)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1853 advisory.
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds
2 gigabytes in length may cause a heap bufferover-read on 64-bit Unix and Unix-like platforms.
Impact summary: The heap buffer over-read may crash the application (Denial ofService) or to load into the
decoded ASN.1 object contents of memory beyond theend of the input buffer. More typically such ASN.1
elements would instead betruncated.
An integer truncation in OpenSSL's ASN.1 decoder causes the content length ofan ASN.1 primitive element to
be mishandled when it exceeds 2 gigabytes. In theworst case the truncated length is treated as a request
to scan the binarycontent for a terminating zero byte, possibly causing OpenSSL to read eitherless than or
beyond the end of the allocated buffer.
Applications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), orany other d2i_* decoding
function are affected. OpenSSL's own command-linetools are not vulnerable, as data read through the BIO
layer is checked beforeit reaches the affected code. The issue only affects 64-bit Unix and Unix-
likeplatforms; 32-bit platforms and 64-bit Windows are not affected.
The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue,as the affected code is
outside the OpenSSL FIPS module boundary. (CVE-2026-34180)
Issue Summary: The PKCS#12 file processing fails to perform sufficient inputvalidation for files that use
Password-Based Message Authentication Code 1(PBMAC1) integrity mechanism allowing a certificate and
private key forgery.
Impact Summary: An attacker impersonating a user can cause a service readingPKCS#12 files to accept forged
certificates and private keys with a 1 in 256probability.
If a service accepting PKCS#12 files is using passwords for authenticatingthe received files, the attacker
can create unencrypted PKCS#12 files thatuse PBMAC1 authentication that specifies an HMAC key of only one
byte, allowingthem to craft a file that will be accepted with a 1 in 256 probability.That would then cause
the service to accept a certificate and private keycontrolled by the attacker.
The FIPS modules are not affected by this issue, as the affected code isoutside the OpenSSL FIPS module
boundary. (CVE-2026-34181)
Issue Summary: Cryptographic Message Services (CMS) processing fails to performsufficient input validation
on the cipher and tag length fields ofAuthEnvelopedData containers, leading to various potential
compromises.
Impact Summary: Attackers making use of these vulnerabilities may achievekey-equivalent functionality for
a given CMS recipient and/or bypass integrityvalidation for a given message.
In one use case, an attacker may send a CMS message containingAuthEnvelopedData with the cipher specified
as a non-AEAD cipher. OpenSSLerroneously allows this selection, and attempts to decrypt and validate
themessage.
An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedDataaddressed to the victim can re-
emit it with the recipientInfos set leftbyte-for-byte intact, so the victim's private key still unwraps
the genuine CEK(the content-encryption key), but with the inner OID rewritten to AES-256-OFB(Output
Feedback Mode, an unauthenticated keystream mode) and with anattacker-chosen IV and ciphertext. The victim
initializes AES-256-OFB under thereal CEK, never consults the MAC field, and CMS_decrypt() returns
success.
If the application under attack responds to the attacker with any indicatorshowing success or failure of
the decryption effort, it is possible for theattacker to use this as an oracle to obtain key equivalent
functionality for theCEK used for the chosen recipient of the message.
In another use case, an attacker can reduce the tag length of the chosen AEADcipher for a given
AuthEnvelopedData container to be a single byte long,allowing an attacker to brute force CMS decryption,
producing an integritybypass for applications that trust CMS_decrypt() to reject modified content.
The FIPS modules are not affected by this issue. (CVE-2026-34182)
Issue summary: Remote peer may exhaust heap memory of the QUICserver or client by flooding it with packets
containing PATH_CHALLENGEframes.
Impact summary: A malicious remote peer can cause an unboundedmemory allocation which can lead to an
abnormal termination of theapplication acting as a QUIC client or server and a Denial of Service.
A remote peer may exhaust heap memory by flooding the localQUIC stack with PATH_CHALLENGE frames. The
local QUIC stackallocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives.The allocated
PATH_RESPONSE frame gets freed only when the remotepeer acknowledges reception of the PATH_RESPONSE frame
which willnot be done by a malicious peer.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected bythis issue. The QUIC stack is outside
of OpenSSL FIPS moduleboundary. (CVE-2026-34183)
Issue summary: Receiving a QUIC initial packet with an invalid token maytrigger a NULL pointer dereference
in the OpenSSL QUIC server withaddress validation disabled.
Impact summary: NULL pointer dereference typically causes abnormal terminationof the affected QUIC server
process and a Denial of Service.
If the address validation is disabled in the OpenSSL QUIC serverimplementation, an attacker can crash the
server by sending an initialpacket with an invalid or expired token.
By default, the client address validation is enabled in the OpenSSL QUIC serverimplementation, which makes
the default configuration not vulnerableto this issue. However if the SSL_LISTENER_FLAG_NO_VALIDATE is
used withthe SSL_new_listener() call, the address validation is disabled making thevulnerable code
reachable.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as the affected code is
outside the OpenSSL FIPS module boundary. (CVE-2026-42764)
Issue summary: A specially crafted password-encrypted CMS messagecan trigger a NULL pointer dereference
during CMS decryption.
Impact summary: This NULL pointer dereference leads to an application crashand a Denial of Service.
The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined asOPTIONAL in the ASN.1
specification and may therefore be absent in speciallycrafted inputs. During the password-based CMS
decryption the OpenSSLCMS implementation dereferences this field without first checking whether itwas
present.
An attacker who supplies such a CMS message to an application performingpassword-based CMS decryption can
trigger an application crash, leading toa Denial of Service.
Applications that process password-encrypted CMS messages may be affected.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as the affected code is
outside the OpenSSL FIPS module boundary. (CVE-2026-42766)
Issue summary: An attacker-controlled CMP (Certificate Management Protocol)server could trigger a NULL
pointer dereference in a CMP client application.
Impact summary: A NULL pointer dereference causes a crash of theapplication and a Denial of Service.
An attacker controlling a CMP server (or acting as a man-in-the-middle) couldcraft a CMP response
containing a CRMF (Certificate Request Message Format)CertRepMessage with an EncryptedValue structure
where the symmAlg fieldhas an algorithm OID but no parameters field. When the OpenSSL CMP clientprocesses
this response, the NULL dereference occurs, causing a crash ofthe CMP client.
Applications that process untrusted CMP/CRMF messages may be affected.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as the affected code is
outside the OpenSSL FIPS module boundary. (CVE-2026-42767)
Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable toBleichenbacher-style attack
when an attacker is able to provide the CMS orS/MIME messages and observe the error code and/or decryption
output.
Impact summary: The Bleichenbacher-style attack allows an attacker to use thevictim's vulnerable
application as a way to decrypt or sign messages with thevictim's private RSA key.
The attack is possible in 2 variants.
1. The decryption API (CMS_decrypt(), PKCS7_decrypt()) is used withoutproviding the recipient certificate.
In this case OpenSSL iterates over everyKeyTransRecipientInfo (KTRI) without stopping at the first
success.
An attacker who authors a message with two KTRI entries -- the first onewrapping a real CEK under the
victim's public key, the second with anarbitrary probe ciphertext -- obtains opportunity to iterate the
2nd KTRI toget a valid PKCS#1 v1.5 padding if the error code of the application isavailable.
That is a Bleichenbacher oracle (Bleichenbacher, CRYPTO '98): anadaptive-chosen-ciphertext side channel
from which the attacker decrypts anyRSA ciphertext to the victim's key or forges any PKCS#1 v1.5 signature
underit.
2. When the decryption API (CMS_decrypt(), PKCS7_decrypt()) is provided withthe recipient certificate, and
the recipient is not found, a randomkey is substituted.
An attacker who authors a message and is able to compare both error code andthe result of the decryption,
can mount a Bleichenbacher oracle.
We are not aware of any applications that provide a remote attackeran opportunity to mount an attack
described in these scenarios. We considerthe existence of such application very unlikely, and for this
reason thisCVE has been evaluated as Low severity.
To avoid these attacks, when RSA PKCS#1 v1.5 Key Transport is in use, theinvoked EVP_PKEY_decrypt() will
use the implicit rejection mechanism describedin draft-irtf-cfrg-rsa-guidance. In previous OpenSSL
releases the implicitrejection was explicitly disabled.
The implicit rejection mechanism always returns a plaintext value,the symmetric key. This result is
deterministic for the ciphertext and theprivate key. The length of the decryption result can happen to
match thelength of the key of the symmetric cipher that was used for the contentencryption. When a
certificate is not provided, the last RecipientInfoproducing a key that looks valid will be used. It may
cause getting garbagecontent on decryption. As a proper way to deal with this a recipientcertificate has
to be provided to identify the particular RecipientInfo fordecryption.
The FIPS modules in 4.0, 3.6, 3.5, and 3.4 are not affected by this issue, asCMS and S/MIME processing
happens outside the OpenSSL FIPS module boundary. (CVE-2026-42768)
Issue Summary: An error in the callback used to verify the certificateprovided in a Root CA key update
Certificate Management Protocol (CMP)message response rendered the certificate validation ineffectual,
whichcould lead to escalation of credentials from the Registration Authority (RA)level to the root
Certification Authority (root CA) level.
Impact Summary: The Registration Autority could replace the root CAcertificate for the CMP clients with an
arbitrary root CA certificate.
One of the parts of the Certificate Management Protocol (CMP), specified inRFC 9810, is Root Certification
Authority (root CA) key Rollover,which is sent by the server in a message with type 'id-it-
rootCaKeyUpdate'.As part of these messages, 'newWithOld' certificate, the new root CAcertificate signed
with the old root CA key, is provided, and verifying itssignature is crucial for transferring the trust
from the old CA key to thenew one.
The 'id-it-rootCaKeyUpdate' messages are expected to be processed withOSSL_CMP_get1_rootCaKeyUpdate(),
that is expected to verify the 'newWithOld'certificate. A typo in the certificate chain building code led
to addingan incorrect certificate ('newWithOld' instead of 'oldRoot') to thecertificate chain, rendering
the certificate verification process ineffectual(only the issuer name and the algorithm OIDs were verified
by other partsof the verification code).
An attacker who already has credentials that satisfy the CMP messageprotection checks can generate a new
key pair and use a crafted self-signedcertificate in its 'id-it-rootCaKeyUpdate' CMP messages which
affected CMPclients would accept as a new trust anchor.
Significant preconditions for the attack (having valid RA-level credentials)are the reason the issue was
assigned Low severity.
The FIPS modules are not affected by this issue, as the affected code isoutside the OpenSSL FIPS module
boundary. (CVE-2026-42769)
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42)peer key, the peer key is not
properly checked for the subgroup membership.
Impact summary: A malicious peer which presents an X9.42 key carrying thevictim's p and g parameters, a
forged q = r (a small prime factor of thecofactor (p-1)/q_local), and a public value Y of order r can
recover thevictim's private key after a small number of key exchange attempts.
When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, thesubgroup membership check Y^q
[?] 1 (mod p) is performed using the peer'sown q parameter, not the local key's q. The peer's domain
parameters arethen matched against the domain parameters of the private key, but the valueof q is not
compared.
A malicious peer who presents an X9.42 key carrying the victim's p, g,a forged q = r (a small prime factor
of the cofactor), and a publicvalue Y of order r passes all checks. The shared secret then takes onlyr
distinct values, leaking priv mod r. Repeating for each small-primefactor of the cofactor and combining
via CRT recovers the full privatekey (Lim-Lee / small-subgroup-confinement attack).
The realistic attack surface is narrow: principally CMP deployments withlong-lived RA/CA DHX keys and
bespoke enterprise or government applicationsusing X9.42 DHX static keys with interactive protocols and
therefore thisissue was assigned Low severity.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by thisissue. (CVE-2026-42770)
Issue summary: When an application drives an AES-OCB context through thepublic EVP_Cipher() one-shot
interface, the application-suppliedinitialisation vector (IV) is silently discarded.
Impact summary: Every message encrypted under the same key uses thesame effective nonce regardless of the
IV supplied by the caller,resulting in (key, nonce) reuse and loss of confidentiality. If thesame code
path is used to compute the authentication tag, the tagdepends only on the (key, IV) pair and not on the
plaintext orciphertext, allowing universal forgery of arbitrary ciphertext from asingle captured message.
OpenSSL provides two ways to drive a cipher: the documented streaminginterface (EVP_CipherUpdate /
EVP_CipherFinal_ex) and a lower-levelone-shot, EVP_Cipher(), whose documentation explicitly
recommendsagainst use by applications in favour of EVP_CipherUpdate() andEVP_CipherFinal_ex(). The OCB
provider's streaming handler flushesthe application-supplied IV into the OCB context before
processingdata; the one-shot handler did not. Every call to EVP_Cipher() on anAES-OCB context therefore
ran with the all-zero key-derived offsetstate left by cipher initialisation, regardless of the caller's
IV.
If EVP_EncryptFinal_ex() is subsequently used to obtain theauthentication tag, the deferred IV setup runs
at that point andclears the running checksum that should have been accumulated over theplaintext. The
resulting tag is a function of (key, IV) only andverifies against any ciphertext produced under the same
(key, IV)pair.
The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not aTLS cipher suite, and libssl does not
call EVP_Cipher() in any case.Applications that drive AES-OCB through the documented streaming AEADAPI
(EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Onlyapplications that combine the AES-OCB
cipher with the EVP_Cipher()one-shot API are vulnerable.
The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected bythis issue, as AES-OCB is outside the
OpenSSL FIPS module boundary. (CVE-2026-45445)
Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV(RFC 8452) mishandle the
authentication of AAD (Additional AuthenticatedData) with an empty ciphertext allowing a forgery of such
messages.
Impact summary: An attacker can forge empty messages with arbitrary AADto the victim's application using
these ciphers.
AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEADmodes: they accept a key,
nonce, optional AAD (bytes that are authenticatedbut not encrypted), and plaintext, and produces
ciphertext plus a 16-bytetag. On decrypt, `EVP_DecryptFinal_ex()` is documented to return success onlyif
the tag is verified succesfully.
In OpenSSL's provider implementation of these ciphers, the expected tag iscomputed only when decryption
function is invoked with non-empty data.If the caller supplies AAD and then calls `EVP_DecryptFinal_ex()`
withoutinvocation of the ciphertext update, which can happen when the receivedciphertext length is zero,
the tag is never recalculated and still holds itsall-zeros value.
When AES-GCM-SIV is used, an attacker who sends arbitrary AAD, emptyciphertext, and all-zeros tag passes
authentication under any key they do notknow, single-shot. When AES-SIV is used, for mounting the attack
it'snecessary for the application to reuse the decryption context withoutresetting the key.
AES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented sinceOpenSSL 3.2.
No protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) supporteither AES-GCM-SIV or AES-SIV.
To mount an attack, the applications mustimplement their own protocol and use the EVP interface. Also they
must skip theciphertext update when a message with an empty ciphertext arrives.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as these algorithms are not
FIPS approved and the affected code isoutside the OpenSSL FIPS module boundary. (CVE-2026-45446)
Issue summary: A specially crafted PKCS#7 or S/MIME signed message couldtrigger a use-after-free during
PKCS#7 signature verification.
Impact summary: A use-after-free may result in process crashes, heapcorruption, or potentially remote code
execution.
When processing a PKCS#7 or S/MIME signed message, if the SignedDatadigestAlgorithms field is present as
an empty ASN.1 SET, OpenSSL mayincorrectly free a caller-owned BIO during PKCS7_verify(). A subsequentuse
of the BIO by the calling application results in a use-after-freecondition.
In the common case this occurs when the application later callsBIO_free() on the BIO originally passed to
PKCS7_verify(). Dependingon allocator behavior and application-specific BIO usage patterns, thismay result
in a crash or other memory corruption. In some applicationcontexts this may potentially be exploitable for
remote code execution.
Applications that process PKCS#7 or S/MIME signed messages using OpenSSLPKCS#7 APIs may be affected.
Applications using the CMS APIs for thisprocessing are not affected.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as the affected code is
outside the OpenSSL FIPS module boundary. (CVE-2026-45447)
Issue summary: A signed integer overflow when sizing the destinationbuffer for Unicode output in
ASN1_mbstring_ncopy() can lead to a heapbuffer overflow.
Impact summary: A heap buffer overflow may lead to a crash or possiblyattacker controlled code execution
or other undefined behaviour.
In ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destinationsize for Unicode output is computed in a
signed int: by left shiftof the input character count for BMPSTRING (UTF-16) andUNIVERSALSTRING (UTF-32),
and by summing per-character byte countsfor UTF8STRING. The calculation overflows when the input
reachesaround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30characters) the size wraps to
zero, OPENSSL_malloc(1) is called, andthe subsequent character copy writes several gigabytes past theone-
byte allocation.
X.509 certificate processing routes through ASN1_STRING_set_by_NID(),whose DIRSTRING_TYPE mask excludes
UNIVERSALSTRING and whose per-NIDsize limits cap the input length; no network protocol orcertificate-
handling path in OpenSSL exercises the overflow.Triggering the bug requires an application that
callsASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registersa custom string type via
ASN1_STRING_TABLE_add(), withattacker-controlled input on the order of half a gigabyte or more.For these
reasons this issue was assigned Low severity.
The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected bythis issue, as the affected code is
outside the OpenSSL FIPS moduleboundary. (CVE-2026-7383)
Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)processes attacker-supplied
CMS data, an attacker-chosen stream-mode KEKcipher can trigger a heap out-of-bounds read in
kek_unwrap_key().
Impact summary: A heap buffer over-read may trigger a crash which leads toDenial of Service for an
application if the input buffer ends at a memorypage boundary and the following page is unmapped. There is
no informationdisclosure as the over-read bytes are not revealed to the attacker.
The key unwrapping function performs a check-byte test as specified in theRFC that reads 7 bytes from a
heap allocation that is based on the wrappedkey length from the message. There is a minimum length check
based on theblock length of the wrapping cipher. However the cipher is selected froman OID carried in the
attacker's PWRI keyEncryptionAlgorithm with norequirement that the cipher be a block cipher. When an
attacker selectsa stream-mode cipher the guard will be ineffective and the allocated buffercontaining the
unwrapped key can be too small to fit the check-bytesspecified in the RFC and a buffer over-read can
happen.
Applications calling CMS_decrypt() or CMS_decrypt_set1_password()(equivalently openssl cms -decrypt
-pwri_password ...) on untrusted CMSdata are vulnerable to this issue. No password knowledge is required:
theover-read happens during the unwrap attempt before any authenticationsucceeds.
The over-read is limited to a few bytes and is not written to output, sothere is no information
disclosure. Triggering a crash requires theallocation to border unmapped memory, which is unlikely with
the normalallocator.
The FIPS modules are not affected by this issue. (CVE-2026-9076)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1853.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34180.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34181.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34182.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34183.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42764.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42766.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42767.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42768.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42769.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42770.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45445.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45446.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45447.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-7383.html");
script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-9076.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update openssl --releasever 2023.12.20260622' or
or 'dnf update --advisory ALAS2023-2026-1853 --releasever 2023.12.20260622' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-45447");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-34182");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/09");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-fips-provider-latest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-fips-provider-latest-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-snapsafe-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-snapsafe-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm2.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'openssl-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-debugsource-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-debugsource-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-devel-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-devel-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-fips-provider-latest-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-fips-provider-latest-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-fips-provider-latest-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-fips-provider-latest-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-libs-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-libs-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-libs-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-libs-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-perl-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-perl-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-snapsafe-libs-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-snapsafe-libs-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-snapsafe-libs-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssl-snapsafe-libs-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-debugsource / etc");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation