Lucene search
K

Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1853)

🗓️ 22 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 11 Views

OpenSSL on Amazon Linux 2023 has heap over-read and PKCS#12 forgery risk on 64-bit Unix.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2026-1853.
##

include('compat.inc');

if (description)
{
  script_id(322070);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/22");

  script_cve_id(
    "CVE-2026-7383",
    "CVE-2026-9076",
    "CVE-2026-34180",
    "CVE-2026-34181",
    "CVE-2026-34182",
    "CVE-2026-34183",
    "CVE-2026-42764",
    "CVE-2026-42766",
    "CVE-2026-42767",
    "CVE-2026-42768",
    "CVE-2026-42769",
    "CVE-2026-42770",
    "CVE-2026-45445",
    "CVE-2026-45446",
    "CVE-2026-45447"
  );
  script_xref(name:"IAVA", value:"2026-A-0589");

  script_name(english:"Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1853)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1853 advisory.

    Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds
    2 gigabytes in length may cause a heap bufferover-read on 64-bit Unix and Unix-like platforms.

    Impact summary: The heap buffer over-read may crash the application (Denial ofService) or to load into the
    decoded ASN.1 object contents of memory beyond theend of the input buffer.  More typically such ASN.1
    elements would instead betruncated.

    An integer truncation in OpenSSL's ASN.1 decoder causes the content length ofan ASN.1 primitive element to
    be mishandled when it exceeds 2 gigabytes. In theworst case the truncated length is treated as a request
    to scan the binarycontent for a terminating zero byte, possibly causing OpenSSL to read eitherless than or
    beyond the end of the allocated buffer.

    Applications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), orany other d2i_* decoding
    function are affected. OpenSSL's own command-linetools are not vulnerable, as data read through the BIO
    layer is checked beforeit reaches the affected code. The issue only affects 64-bit Unix and Unix-
    likeplatforms; 32-bit platforms and 64-bit Windows are not affected.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue,as the affected code is
    outside the OpenSSL FIPS module boundary. (CVE-2026-34180)

    Issue Summary: The PKCS#12 file processing fails to perform sufficient inputvalidation for files that use
    Password-Based Message Authentication Code 1(PBMAC1) integrity mechanism allowing a certificate and
    private key forgery.

    Impact Summary: An attacker impersonating a user can cause a service readingPKCS#12 files to accept forged
    certificates and private keys with a 1 in 256probability.

    If a service accepting PKCS#12 files is using passwords for authenticatingthe received files, the attacker
    can create unencrypted PKCS#12 files thatuse PBMAC1 authentication that specifies an HMAC key of only one
    byte, allowingthem to craft a file that will be accepted with a 1 in 256 probability.That would then cause
    the service to accept a certificate and private keycontrolled by the attacker.

    The FIPS modules are not affected by this issue, as the affected code isoutside the OpenSSL FIPS module
    boundary. (CVE-2026-34181)

    Issue Summary: Cryptographic Message Services (CMS) processing fails to performsufficient input validation
    on the cipher and tag length fields ofAuthEnvelopedData containers, leading to various potential
    compromises.

    Impact Summary: Attackers making use of these vulnerabilities may achievekey-equivalent functionality for
    a given CMS recipient and/or bypass integrityvalidation for a given message.

    In one use case, an attacker may send a CMS message containingAuthEnvelopedData with the cipher specified
    as a non-AEAD cipher.  OpenSSLerroneously allows this selection, and attempts to decrypt and validate
    themessage.

    An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedDataaddressed to the victim can re-
    emit it with the recipientInfos set leftbyte-for-byte intact, so the victim's private key still unwraps
    the genuine CEK(the content-encryption key), but with the inner OID rewritten to AES-256-OFB(Output
    Feedback Mode, an unauthenticated keystream mode) and with anattacker-chosen IV and ciphertext. The victim
    initializes AES-256-OFB under thereal CEK, never consults the MAC field, and CMS_decrypt() returns
    success.

    If the application under attack responds to the attacker with any indicatorshowing success or failure of
    the decryption effort, it is possible for theattacker to use this as an oracle to obtain key equivalent
    functionality for theCEK used for the chosen recipient of the message.

    In another use case, an attacker can reduce the tag length of the chosen AEADcipher for a given
    AuthEnvelopedData container to be a single byte long,allowing an attacker to brute force CMS decryption,
    producing an integritybypass for applications that trust CMS_decrypt() to reject modified content.

    The FIPS modules are not affected by this issue. (CVE-2026-34182)

    Issue summary: Remote peer may exhaust heap memory of the QUICserver or client by flooding it with packets
    containing PATH_CHALLENGEframes.

    Impact summary: A malicious remote peer can cause an unboundedmemory allocation which can lead to an
    abnormal termination of theapplication acting as a QUIC client or server and a Denial of Service.

    A remote peer may exhaust heap memory by flooding the localQUIC stack with PATH_CHALLENGE frames. The
    local QUIC stackallocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives.The allocated
    PATH_RESPONSE frame gets freed only when the remotepeer acknowledges reception of the PATH_RESPONSE frame
    which willnot be done by a malicious peer.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected bythis issue. The QUIC stack is outside
    of OpenSSL FIPS moduleboundary. (CVE-2026-34183)

    Issue summary: Receiving a QUIC initial packet with an invalid token maytrigger a NULL pointer dereference
    in the OpenSSL QUIC server withaddress validation disabled.

    Impact summary: NULL pointer dereference typically causes abnormal terminationof the affected QUIC server
    process and a Denial of Service.

    If the address validation is disabled in the OpenSSL QUIC serverimplementation, an attacker can crash the
    server by sending an initialpacket with an invalid or expired token.

    By default, the client address validation is enabled in the OpenSSL QUIC serverimplementation, which makes
    the default configuration not vulnerableto this issue. However if the SSL_LISTENER_FLAG_NO_VALIDATE is
    used withthe SSL_new_listener() call, the address validation is disabled making thevulnerable code
    reachable.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as the affected code is
    outside the OpenSSL FIPS module boundary. (CVE-2026-42764)

    Issue summary: A specially crafted password-encrypted CMS messagecan trigger a NULL pointer dereference
    during CMS decryption.

    Impact summary: This NULL pointer dereference leads to an application crashand a Denial of Service.

    The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined asOPTIONAL in the ASN.1
    specification and may therefore be absent in speciallycrafted inputs. During the password-based CMS
    decryption the OpenSSLCMS implementation dereferences this field without first checking whether itwas
    present.

    An attacker who supplies such a CMS message to an application performingpassword-based CMS decryption can
    trigger an application crash, leading toa Denial of Service.

    Applications that process password-encrypted CMS messages may be affected.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as the affected code is
    outside the OpenSSL FIPS module boundary. (CVE-2026-42766)

    Issue summary: An attacker-controlled CMP (Certificate Management Protocol)server could trigger a NULL
    pointer dereference in a CMP client application.

    Impact summary: A NULL pointer dereference causes a crash of theapplication and a Denial of Service.

    An attacker controlling a CMP server (or acting as a man-in-the-middle) couldcraft a CMP response
    containing a CRMF (Certificate Request Message Format)CertRepMessage with an EncryptedValue structure
    where the symmAlg fieldhas an algorithm OID but no parameters field. When the OpenSSL CMP clientprocesses
    this response, the NULL dereference occurs, causing a crash ofthe CMP client.

    Applications that process untrusted CMP/CRMF messages may be affected.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as the affected code is
    outside the OpenSSL FIPS module boundary. (CVE-2026-42767)

    Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable toBleichenbacher-style attack
    when an attacker is able to provide the CMS orS/MIME messages and observe the error code and/or decryption
    output.

    Impact summary: The Bleichenbacher-style attack allows an attacker to use thevictim's vulnerable
    application as a way to decrypt or sign messages with thevictim's private RSA key.

    The attack is possible in 2 variants.

    1. The decryption API (CMS_decrypt(), PKCS7_decrypt()) is used withoutproviding the recipient certificate.
    In this case OpenSSL iterates over everyKeyTransRecipientInfo (KTRI) without stopping at the first
    success.

    An attacker who authors a message with two KTRI entries -- the first onewrapping a real CEK under the
    victim's public key, the second with anarbitrary probe ciphertext -- obtains opportunity to iterate the
    2nd KTRI toget a valid PKCS#1 v1.5 padding if the error code of the application isavailable.

    That is a Bleichenbacher oracle (Bleichenbacher, CRYPTO '98): anadaptive-chosen-ciphertext side channel
    from which the attacker decrypts anyRSA ciphertext to the victim's key or forges any PKCS#1 v1.5 signature
    underit.

    2. When the decryption API (CMS_decrypt(), PKCS7_decrypt()) is provided withthe recipient certificate, and
    the recipient is not found, a randomkey is substituted.

    An attacker who authors a message and is able to compare both error code andthe result of the decryption,
    can mount a Bleichenbacher oracle.

    We are not aware of any applications that provide a remote attackeran opportunity to mount an attack
    described in these scenarios. We considerthe existence of such application very unlikely, and for this
    reason thisCVE has been evaluated as Low severity.

    To avoid these attacks, when RSA PKCS#1 v1.5 Key Transport is in use, theinvoked EVP_PKEY_decrypt() will
    use the implicit rejection mechanism describedin draft-irtf-cfrg-rsa-guidance. In previous OpenSSL
    releases the implicitrejection was explicitly disabled.

    The implicit rejection mechanism always returns a plaintext value,the symmetric key. This result is
    deterministic for the ciphertext and theprivate key.  The length of the decryption result can happen to
    match thelength of the key of the symmetric cipher that was used for the contentencryption. When a
    certificate is not provided, the last RecipientInfoproducing a key that looks valid will be used. It may
    cause getting garbagecontent on decryption. As a proper way to deal with this a recipientcertificate has
    to be provided to identify the particular RecipientInfo fordecryption.

    The FIPS modules in 4.0, 3.6, 3.5, and 3.4 are not affected by this issue, asCMS and S/MIME processing
    happens outside the OpenSSL FIPS module boundary. (CVE-2026-42768)

    Issue Summary: An error in the callback used to verify the certificateprovided in a Root CA key update
    Certificate Management Protocol (CMP)message response rendered the certificate validation ineffectual,
    whichcould lead to escalation of credentials from the Registration Authority (RA)level to the root
    Certification Authority (root CA) level.

    Impact Summary: The Registration Autority could replace the root CAcertificate for the CMP clients with an
    arbitrary root CA certificate.

    One of the parts of the Certificate Management Protocol (CMP), specified inRFC 9810, is Root Certification
    Authority (root CA) key Rollover,which is sent by the server in a message with type 'id-it-
    rootCaKeyUpdate'.As part of these messages, 'newWithOld' certificate, the new root CAcertificate signed
    with the old root CA key, is provided, and verifying itssignature is crucial for transferring the trust
    from the old CA key to thenew one.

    The 'id-it-rootCaKeyUpdate' messages are expected to be processed withOSSL_CMP_get1_rootCaKeyUpdate(),
    that is expected to verify the 'newWithOld'certificate.  A typo in the certificate chain building code led
    to addingan incorrect certificate ('newWithOld' instead of 'oldRoot') to thecertificate chain, rendering
    the certificate verification process ineffectual(only the issuer name and the algorithm OIDs were verified
    by other partsof the verification code).

    An attacker who already has credentials that satisfy the CMP messageprotection checks can generate a new
    key pair and use a crafted self-signedcertificate in its 'id-it-rootCaKeyUpdate' CMP messages which
    affected CMPclients would accept as a new trust anchor.

    Significant preconditions for the attack (having valid RA-level credentials)are the reason the issue was
    assigned Low severity.

    The FIPS modules are not affected by this issue, as the affected code isoutside the OpenSSL FIPS module
    boundary. (CVE-2026-42769)

    Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42)peer key, the peer key is not
    properly checked for the subgroup membership.

    Impact summary: A malicious peer which presents an X9.42 key carrying thevictim's p and g parameters, a
    forged q = r (a small prime factor of thecofactor (p-1)/q_local), and a public value Y of order r can
    recover thevictim's private key after a small number of key exchange attempts.

    When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, thesubgroup membership check Y^q
    [?] 1 (mod p) is performed using the peer'sown q parameter, not the local key's q. The peer's domain
    parameters arethen matched against the domain parameters of the private key, but the valueof q is not
    compared.

    A malicious peer who presents an X9.42 key carrying the victim's p, g,a forged q = r (a small prime factor
    of the cofactor), and a publicvalue Y of order r passes all checks. The shared secret then takes onlyr
    distinct values, leaking priv mod r. Repeating for each small-primefactor of the cofactor and combining
    via CRT recovers the full privatekey (Lim-Lee / small-subgroup-confinement attack).

    The realistic attack surface is narrow: principally CMP deployments withlong-lived RA/CA DHX keys and
    bespoke enterprise or government applicationsusing X9.42 DHX static keys with interactive protocols and
    therefore thisissue was assigned Low severity.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by thisissue. (CVE-2026-42770)

    Issue summary: When an application drives an AES-OCB context through thepublic EVP_Cipher() one-shot
    interface, the application-suppliedinitialisation vector (IV) is silently discarded.

    Impact summary: Every message encrypted under the same key uses thesame effective nonce regardless of the
    IV supplied by the caller,resulting in (key, nonce) reuse and loss of confidentiality.  If thesame code
    path is used to compute the authentication tag, the tagdepends only on the (key, IV) pair and not on the
    plaintext orciphertext, allowing universal forgery of arbitrary ciphertext from asingle captured message.

    OpenSSL provides two ways to drive a cipher: the documented streaminginterface (EVP_CipherUpdate /
    EVP_CipherFinal_ex) and a lower-levelone-shot, EVP_Cipher(), whose documentation explicitly
    recommendsagainst use by applications in favour of EVP_CipherUpdate() andEVP_CipherFinal_ex().  The OCB
    provider's streaming handler flushesthe application-supplied IV into the OCB context before
    processingdata; the one-shot handler did not.  Every call to EVP_Cipher() on anAES-OCB context therefore
    ran with the all-zero key-derived offsetstate left by cipher initialisation, regardless of the caller's
    IV.

    If EVP_EncryptFinal_ex() is subsequently used to obtain theauthentication tag, the deferred IV setup runs
    at that point andclears the running checksum that should have been accumulated over theplaintext.  The
    resulting tag is a function of (key, IV) only andverifies against any ciphertext produced under the same
    (key, IV)pair.

    The OpenSSL SSL/TLS implementation is not affected: AES-OCB is not aTLS cipher suite, and libssl does not
    call EVP_Cipher() in any case.Applications that drive AES-OCB through the documented streaming AEADAPI
    (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected.  Onlyapplications that combine the AES-OCB
    cipher with the EVP_Cipher()one-shot API are vulnerable.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected bythis issue, as AES-OCB is outside the
    OpenSSL FIPS module boundary. (CVE-2026-45445)

    Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV(RFC 8452) mishandle the
    authentication of AAD (Additional AuthenticatedData) with an empty ciphertext allowing a forgery of such
    messages.

    Impact summary: An attacker can forge empty messages with arbitrary AADto the victim's application using
    these ciphers.

    AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEADmodes: they accept a key,
    nonce, optional AAD (bytes that are authenticatedbut not encrypted), and plaintext, and produces
    ciphertext plus a 16-bytetag. On decrypt, `EVP_DecryptFinal_ex()` is documented to return success onlyif
    the tag is verified succesfully.

    In OpenSSL's provider implementation of these ciphers, the expected tag iscomputed only when decryption
    function is invoked with non-empty data.If the caller supplies AAD and then calls `EVP_DecryptFinal_ex()`
    withoutinvocation of the ciphertext update, which can happen when the receivedciphertext length is zero,
    the tag is never recalculated and still holds itsall-zeros value.

    When AES-GCM-SIV is used, an attacker who sends arbitrary AAD, emptyciphertext, and all-zeros tag passes
    authentication under any key they do notknow, single-shot. When AES-SIV is used, for mounting the attack
    it'snecessary for the application to reuse the decryption context withoutresetting the key.

    AES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented sinceOpenSSL 3.2.

    No protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) supporteither AES-GCM-SIV or AES-SIV.
    To mount an attack, the applications mustimplement their own protocol and use the EVP interface. Also they
    must skip theciphertext update when a message with an empty ciphertext arrives.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as these algorithms are not
    FIPS approved and the affected code isoutside the OpenSSL FIPS module boundary. (CVE-2026-45446)

    Issue summary: A specially crafted PKCS#7 or S/MIME signed message couldtrigger a use-after-free during
    PKCS#7 signature verification.

    Impact summary: A use-after-free may result in process crashes, heapcorruption, or potentially remote code
    execution.

    When processing a PKCS#7 or S/MIME signed message, if the SignedDatadigestAlgorithms field is present as
    an empty ASN.1 SET, OpenSSL mayincorrectly free a caller-owned BIO during PKCS7_verify(). A subsequentuse
    of the BIO by the calling application results in a use-after-freecondition.

    In the common case this occurs when the application later callsBIO_free() on the BIO originally passed to
    PKCS7_verify(). Dependingon allocator behavior and application-specific BIO usage patterns, thismay result
    in a crash or other memory corruption. In some applicationcontexts this may potentially be exploitable for
    remote code execution.

    Applications that process PKCS#7 or S/MIME signed messages using OpenSSLPKCS#7 APIs may be affected.
    Applications using the CMS APIs for thisprocessing are not affected.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by thisissue, as the affected code is
    outside the OpenSSL FIPS module boundary. (CVE-2026-45447)

    Issue summary: A signed integer overflow when sizing the destinationbuffer for Unicode output in
    ASN1_mbstring_ncopy() can lead to a heapbuffer overflow.

    Impact summary: A heap buffer overflow may lead to a crash or possiblyattacker controlled code execution
    or other undefined behaviour.

    In ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destinationsize for Unicode output is computed in a
    signed int: by left shiftof the input character count for BMPSTRING (UTF-16) andUNIVERSALSTRING (UTF-32),
    and by summing per-character byte countsfor UTF8STRING. The calculation overflows when the input
    reachesaround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30characters) the size wraps to
    zero, OPENSSL_malloc(1) is called, andthe subsequent character copy writes several gigabytes past theone-
    byte allocation.

    X.509 certificate processing routes through ASN1_STRING_set_by_NID(),whose DIRSTRING_TYPE mask excludes
    UNIVERSALSTRING and whose per-NIDsize limits cap the input length; no network protocol orcertificate-
    handling path in OpenSSL exercises the overflow.Triggering the bug requires an application that
    callsASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registersa custom string type via
    ASN1_STRING_TABLE_add(), withattacker-controlled input on the order of half a gigabyte or more.For these
    reasons this issue was assigned Low severity.

    The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected bythis issue, as the affected code is
    outside the OpenSSL FIPS moduleboundary. (CVE-2026-7383)

    Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)processes attacker-supplied
    CMS data, an attacker-chosen stream-mode KEKcipher can trigger a heap out-of-bounds read in
    kek_unwrap_key().

    Impact summary: A heap buffer over-read may trigger a crash which leads toDenial of Service for an
    application if the input buffer ends at a memorypage boundary and the following page is unmapped. There is
    no informationdisclosure as the over-read bytes are not revealed to the attacker.

    The key unwrapping function performs a check-byte test as specified in theRFC that reads 7 bytes from a
    heap allocation that is based on the wrappedkey length from the message. There is a minimum length check
    based on theblock length of the wrapping cipher. However the cipher is selected froman OID carried in the
    attacker's PWRI keyEncryptionAlgorithm with norequirement that the cipher be a block cipher. When an
    attacker selectsa stream-mode cipher the guard will be ineffective and the allocated buffercontaining the
    unwrapped key can be too small to fit the check-bytesspecified in the RFC and a buffer over-read can
    happen.

    Applications calling CMS_decrypt() or CMS_decrypt_set1_password()(equivalently openssl cms -decrypt
    -pwri_password ...) on untrusted CMSdata are vulnerable to this issue. No password knowledge is required:
    theover-read happens during the unwrap attempt before any authenticationsucceeds.

    The over-read is limited to a few bytes and is not written to output, sothere is no information
    disclosure. Triggering a crash requires theallocation to border unmapped memory, which is unlikely with
    the normalallocator.

    The FIPS modules are not affected by this issue. (CVE-2026-9076)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1853.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34180.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34181.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34182.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34183.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42764.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42766.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42767.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42768.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42769.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42770.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45445.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45446.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-45447.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-7383.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-9076.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update openssl --releasever 2023.12.20260622' or
  or 'dnf update --advisory ALAS2023-2026-1853 --releasever 2023.12.20260622' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-45447");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-34182");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-fips-provider-latest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-fips-provider-latest-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-snapsafe-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openssl-snapsafe-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm2.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'openssl-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-debugsource-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-debugsource-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-devel-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-devel-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-fips-provider-latest-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-fips-provider-latest-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-fips-provider-latest-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-fips-provider-latest-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-libs-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-libs-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-libs-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-libs-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-perl-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-perl-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-snapsafe-libs-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-snapsafe-libs-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-snapsafe-libs-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'openssl-snapsafe-libs-debuginfo-3.5.5-1.amzn2023.0.5', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-debuginfo / openssl-debugsource / etc");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

22 Jun 2026 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.19.1
EPSS0.02719
SSVC
11