Lucene search

HistoryJun 16, 2023 - 12:00 a.m.

Fedora 37 : mingw-glib2 (2023-1a7e2b3dda)

2023-06-1600:00:00

www.tenable.com

glib gvariant deserialization denial of service cve-2023-32665 cve-2023-29499 cve-2023-32611 cve-2023-32643 cve-2023-32636

7.4 High

AI Score

Confidence

High

JSON

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1a7e2b3dda advisory.

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32665)
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. (CVE-2023-29499)
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32611)
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. (CVE-2023-32643)
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. (CVE-2023-32636)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-1a7e2b3dda
#

include('compat.inc');

if (description)
{
  script_id(177359);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/29");

  script_cve_id(
    "CVE-2023-29499",
    "CVE-2023-32611",
    "CVE-2023-32636",
    "CVE-2023-32643",
    "CVE-2023-32665"
  );
  script_xref(name:"FEDORA", value:"2023-1a7e2b3dda");

  script_name(english:"Fedora 37 : mingw-glib2 (2023-1a7e2b3dda)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2023-1a7e2b3dda advisory.

  - A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a
    crafted GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32665)

  - A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the
    expected format, leading to denial of service. (CVE-2023-29499)

  - A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted
    GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32611)

  - A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow
    introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does
    affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for
    CVE-2023-32665. (CVE-2023-32643)

  - A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service
    introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may
    be very slow. This bug does not affect any released version of glib but does affect glib distributors who
    followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. (CVE-2023-32636)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-1a7e2b3dda");
  script_set_attribute(attribute:"solution", value:
"Update the affected mingw-glib2 package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-32643");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:37");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-glib2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^37([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'mingw-glib2-2.74.7-1.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mingw-glib2');
}

VendorProductVersionCPE
fedoraprojectfedora37cpe:/o:fedoraproject:fedora:37
fedoraprojectfedoramingw-glib2p-cpe:/a:fedoraproject:fedora:mingw-glib2

Vendor	Product	Version	CPE
fedoraproject	fedora	37	cpe:/o:fedoraproject:fedora:37
fedoraproject	fedora	mingw-glib2	p-cpe:/a:fedoraproject:fedora:mingw-glib2

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29499

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32611

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32643

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32665

bodhi.fedoraproject.org/updates/FEDORA-2023-1a7e2b3dda

7.4 High

AI Score

Confidence

High

JSON

Related for FEDORA_2023-1A7E2B3DDA.NASL