Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2022-7524.NASLHistoryNov 12, 2022 - 12:00 a.m.
AlmaLinux 8 : yajl (ALSA-2022:7524)
2022-11-1200:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
almalinux 8
yajl-ruby
vulnerability
integer overflow
heap memory corruption
large inputs
cve-2022-24795
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.013
Percentile
85.9%
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7524 advisory.
- yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of
yajlcontain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic atyajl_buf.c#L64may result in theneed32bit integer wrapping to 0 whenneedapproaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared assize_tin the 2.x branch ofyajl, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on whichsize_tis a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL. (CVE-2022-24795)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2022:7524.
##
include('compat.inc');
if (description)
{
script_id(167315);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/04");
script_cve_id("CVE-2022-24795");
script_xref(name:"ALSA", value:"2022:7524");
script_name(english:"AlmaLinux 8 : yajl (ALSA-2022:7524)");
script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the
ALSA-2022:7524 advisory.
- yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x
branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing
with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit
integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a
reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x
branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this
does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent
population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory
corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for
arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version
1.4.2. As a workaround, avoid passing large inputs to YAJL. (CVE-2022-24795)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2022-7524.html");
script_set_attribute(attribute:"solution", value:
"Update the affected yajl and / or yajl-devel packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24795");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(119, 190);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/05");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:yajl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:yajl-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::appstream");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::powertools");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alma Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
var pkgs = [
{'reference':'yajl-2.1.0-11.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'yajl-devel-2.1.0-11.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'yajl / yajl-devel');
}
Related
osv
osv
CVE-2022-24795
2022-04-05 16:15:14
Moderate: yajl security update
2022-11-08 00:00:00
Moderate: yajl security update
2022-11-08 06:21:57
nessus
nessus
EulerOS Virtualization 2.9.1 : yajl (EulerOS-SA-2023-1210)
2023-01-10 00:00:00
RHEL 9 : yajl (RHSA-2022:8252)
2022-11-16 00:00:00
Oracle Linux 8 : yajl (ELSA-2022-7524)
2022-11-16 00:00:00
oraclelinux
oraclelinux
yajl security update
2022-11-22 00:00:00
yajl security update
2022-11-15 00:00:00
amazon
amazon
Medium: yajl
2023-06-21 19:11:00
debiancve
debiancve
CVE-2022-24795
2022-04-05 16:15:14
rubygems
rubygems
Reallocation bug can trigger heap memory corruption
2022-04-04 21:00:00
openvas
openvas
openSUSE: Security Advisory for libyajl (SUSE-SU-2022:3162-1)
2022-09-08 00:00:00
Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2022-1776)
2022-05-25 00:00:00
Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1181)
2023-01-12 00:00:00
almalinux
almalinux
Moderate: yajl security update
2022-11-15 00:00:00
Moderate: yajl security update
2022-11-08 00:00:00
redhat
redhat
(RHSA-2022:7524) Moderate: yajl security update
2022-11-08 06:21:57
(RHSA-2022:8252) Moderate: yajl security update
2022-11-15 06:19:32
(RHSA-2024:2063) Moderate: yajl security update
2024-04-25 14:45:06
github
github
Buffer Overflow in yajl-ruby
2022-04-05 15:55:51
redhatcve
redhatcve
CVE-2022-24795
2022-04-07 09:54:18
prion
prion
Integer overflow
2022-04-05 16:15:00
rocky
rocky
yajl security update
2022-11-08 06:21:57
yajl security update
2022-11-15 06:19:32
ubuntucve
ubuntucve
CVE-2022-24795
2022-04-05 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-24795 affecting package rubygem-yajl-ruby 1.4.1-1
2022-05-12 02:16:39
cve
cve
CVE-2022-24795
2022-04-05 16:15:14
suse
suse
Security update for libyajl (moderate)
2022-09-07 00:00:00
cvelist
cvelist
CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby
2022-04-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-04-06 03:42:26
nvd
nvd
CVE-2022-24795
2022-04-05 16:15:14
ubuntu
ubuntu
YAJL vulnerabilities
2023-07-18 00:00:00
YAJL vulnerabilities
2023-12-14 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: yajl-2.1.0-21.fc38
2023-07-16 01:27:03
[SECURITY] Fedora 37 Update: yajl-2.1.0-21.fc37
2023-07-27 02:05:39
debian
debian
[SECURITY] [DLA 3492-1] yajl security update
2023-07-11 17:48:41
[SECURITY] [DLA 3516-1] burp security update
2023-08-05 15:23:20
photon
photon
Important Photon OS Security Update - PHSA-2022-0399
2022-06-03 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0399
2022-06-03 00:00:00
ibm
ibm
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.013
Percentile
85.9%
Related for ALMA_LINUX_ALSA-2022-7524.NASL