Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2023-1082.NASL
HistoryJan 06, 2023 - 12:00 a.m.

EulerOS Virtualization 3.0.2.6 : icu (EulerOS-SA-2023-1082)

2023-01-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
euleros
virtualization
icu package
use after free
vulnerability
cve-2020-21913

0.001 Low

EPSS

Percentile

43.9%

JSON

According to the versions of the icu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. (CVE-2020-21913)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(169622);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/11");

  script_cve_id("CVE-2020-21913");

  script_name(english:"EulerOS Virtualization 3.0.2.6 : icu (EulerOS-SA-2023-1082)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the icu package installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

  - International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in
    the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. (CVE-2020-21913)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1082
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0b8bf4fd");
  script_set_attribute(attribute:"solution", value:
"Update the affected icu packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-21913");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libicu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.6") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.6");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "libicu-50.1.2-15.h10.eulerosv2r7"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icu");
}
VendorProductVersionCPE
huaweieuleroslibicup-cpe:/a:huawei:euleros:libicu
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.2.6

Related

ubuntucve 1
redhatcve 1
amazon 2
osv 4
openvas 23
nessus 22
debian 2
cvelist 1
suse 1
ubuntu 1
nvd 1
cloudfoundry 1
veracode 1
prion 1
alpinelinux 1
debiancve 1
cve 1
ibm 1
ics 1
ubuntucve
ubuntucve
CVE-2020-21913
2021-09-20 00:00:00
redhatcve
redhatcve
CVE-2020-21913
2021-09-22 18:10:43
amazon
amazon
Medium: libicu60
2023-07-20 17:30:00
Medium: icu
2023-07-20 17:30:00
osv
osv
A security issue was fixed in ICU
2021-11-04 20:12:07
icu - security update
2021-10-12 00:00:00
CVE-2020-21913
2021-09-20 14:15:08
openvas
openvas
Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2021-2804)
2021-12-26 00:00:00
Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2022-1168)
2022-02-24 00:00:00
Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2023-1082)
2023-01-09 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.6.0 : icu (EulerOS-SA-2022-1045)
2022-02-11 00:00:00
EulerOS 2.0 SP10 : icu (EulerOS-SA-2022-1226)
2022-02-25 00:00:00
EulerOS Virtualization 2.10.0 : icu (EulerOS-SA-2022-1400)
2022-04-18 00:00:00
debian
debian
[SECURITY] [DLA 2784-1] icu security update
2021-10-12 10:39:23
[SECURITY] [DSA 5014-1] icu security update
2021-11-28 15:58:02
cvelist
cvelist
CVE-2020-21913
2021-09-20 13:55:28
suse
suse
Security update for icu (moderate)
2022-09-07 00:00:00
ubuntu
ubuntu
ICU vulnerability
2021-11-04 00:00:00
nvd
nvd
CVE-2020-21913
2021-09-20 14:15:08
cloudfoundry
cloudfoundry
USN-5133-1: ICU vulnerability | Cloud Foundry
2022-01-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-11-07 03:05:39
prion
prion
Design/Logic Flaw
2021-09-20 14:15:00
alpinelinux
alpinelinux
CVE-2020-21913
2021-09-20 14:15:08
debiancve
debiancve
CVE-2020-21913
2021-09-20 14:15:08
cve
cve
CVE-2020-21913
2021-09-20 14:15:08
ibm
ibm
Security Bulletin: Mutiple vulnerabilties affecting Watson Machine Learning Accelerator on Cloud Pak for Data
2023-12-12 17:39:17
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

0.001 Low

EPSS

Percentile

43.9%

JSON
Related for EULEROS_SA-2023-1082.NASL
ubuntucve1redhatcve1amazon2osv4openvas23nessus22debian2cvelist1suse1ubuntu1nvd1cloudfoundry1veracode1prion1alpinelinux1debiancve1cve1ibm1ics1