Lucene search
EulerOS 2.0 SP10 : numpy (EulerOS-SA-2022-1648)
🗓️ 06 May 2022 00:00:00Reported by This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus🔗 www.tenable.com👁 16 Views
EulerOS 2.0 SP10 numpy package vulnerable to Null Pointer Dereferenc
Show more
| Reporter | Title | Published | Views | Family All 93 |
|---|---|---|---|---|
 | CVE-2021-41495 | 22 Dec 202119:23 | – | redhatcve |
| RHEL 8 : Red Hat OpenStack Platform 16.2.4 (numpy) (RHSA-2022:8852) | 23 Jan 202300:00 | – | nessus |
| EulerOS Virtualization 3.0.2.0 : numpy (EulerOS-SA-2023-1720) | 7 May 202300:00 | – | nessus |
| EulerOS 2.0 SP10 : numpy (EulerOS-SA-2022-1662) | 6 May 202200:00 | – | nessus |
| FreeBSD : py-numpy -- Missing return-value validation of the function PyArray_DescrNew (b51cfaea-e919-11ec-9fba-080027240888) | 11 Jun 202200:00 | – | nessus |
| EulerOS Virtualization 3.0.2.2 : numpy (EulerOS-SA-2023-1279) | 30 Jan 202300:00 | – | nessus |
| EulerOS 2.0 SP5 : numpy (EulerOS-SA-2022-1906) | 17 Jun 202200:00 | – | nessus |
| SUSE SLES12 Security Update : python-numpy (SUSE-SU-2022:2793-1) | 13 Aug 202200:00 | – | nessus |
| EulerOS 2.0 SP3 : numpy (EulerOS-SA-2022-2626) | 27 Oct 202200:00 | – | nessus |
| Linux Distros Unpatched Vulnerability : CVE-2021-41495 | 5 Mar 202500:00 | – | nessus |
10
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(160662);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/30");
script_cve_id("CVE-2021-41495");
script_name(english:"EulerOS 2.0 SP10 : numpy (EulerOS-SA-2022-1648)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the versions of the numpy package installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :
- ** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the
PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS
attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can
only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged.
Further, it should be practically impossible to construct an attack which can target the memory exhaustion
to occur at exactly this place. (CVE-2021-41495)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1648
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5ba38eb7");
script_set_attribute(attribute:"solution", value:
"Update the affected numpy packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41495");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/17");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-numpy");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"python3-numpy-1.16.5-3.h5.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "numpy");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo06 May 2022 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS23.5
CVSS35.3
EPSS0.0009