Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_F90BF863E43C4DB3B5A8D9603684657A.NASLHistoryApr 18, 2024 - 12:00 a.m.
FreeBSD : electron{27,28,29} -- multiple vulnerabilities (f90bf863-e43c-4db3-b5a8-d9603684657a)
2024-04-1800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
freebsd
electron
multiple vulnerabilities
integer overflow
memory corruption
out of bounds access
buffer overflow
chrome
security advisory
5.9 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
7.8 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f90bf863-e43c-4db3-b5a8-d9603684657a advisory.
-
An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
(CVE-2024-1580) -
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) (CVE-2024-3157)
-
Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3515)
-
Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3516)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2021 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include('compat.inc');
if (description)
{
script_id(193498);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/18");
script_cve_id(
"CVE-2024-1580",
"CVE-2024-3157",
"CVE-2024-3515",
"CVE-2024-3516"
);
script_name(english:"FreeBSD : electron{27,28,29} -- multiple vulnerabilities (f90bf863-e43c-4db3-b5a8-d9603684657a)");
script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple
vulnerabilities as referenced in the f90bf863-e43c-4db3-b5a8-d9603684657a advisory.
- An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This
can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
(CVE-2024-1580)
- Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote
attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI
gestures. (Chromium security severity: High) (CVE-2024-3157)
- Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3515)
- Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
(CVE-2024-3516)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://github.com/advisories/GHSA-3p7f-4r2q-wxmm");
script_set_attribute(attribute:"see_also", value:"https://github.com/advisories/GHSA-4m4g-p795-cmq7");
script_set_attribute(attribute:"see_also", value:"https://github.com/advisories/GHSA-jf9g-42gm-v87w");
script_set_attribute(attribute:"see_also", value:"https://github.com/advisories/GHSA-x6cj-gx36-vcxv");
# https://vuxml.freebsd.org/freebsd/f90bf863-e43c-4db3-b5a8-d9603684657a.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4262ec0c");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-1580");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/19");
script_set_attribute(attribute:"patch_publication_date", value:"2024/04/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:electron27");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:electron28");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:electron29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"FreeBSD Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
exit(0);
}
include("freebsd_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
var flag = 0;
var packages = [
'electron27<27.3.11',
'electron28<28.3.1',
'electron29<29.3.1'
];
foreach var package( packages ) {
if (pkg_test(save_report:TRUE, pkg: package)) flag++;
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : pkg_report_get()
);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| freebsd | freebsd | cpe:/o:freebsd:freebsd | |
| freebsd | freebsd | electron27 | p-cpe:/a:freebsd:freebsd:electron27 |
| freebsd | freebsd | electron29 | p-cpe:/a:freebsd:freebsd:electron29 |
| freebsd | freebsd | electron28 | p-cpe:/a:freebsd:freebsd:electron28 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1580
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3516
www.nessus.org/u?4262ec0c
github.com/advisories/GHSA-3p7f-4r2q-wxmm
github.com/advisories/GHSA-4m4g-p795-cmq7
github.com/advisories/GHSA-jf9g-42gm-v87w
github.com/advisories/GHSA-x6cj-gx36-vcxv
Related
freebsd
freebsd
electron{27,28,29} -- multiple vulnerabilities
2024-04-16 00:00:00
chromium -- multiple security fixes
2024-04-10 00:00:00
qt5-webengine -- Multiple vulnerabilities
2024-04-16 00:00:00
osv
osv
chromium - security update
2024-04-11 00:00:00
CVE-2024-3516
2024-04-10 19:15:49
CVE-2024-1580
2024-02-19 11:15:08
nessus
nessus
Google Chrome < 123.0.6312.122 Multiple Vulnerabilities
2024-04-10 00:00:00
Fedora 38 : chromium (2024-f94660c56d)
2024-04-14 00:00:00
Microsoft Edge (Chromium) < 123.0.2420.97 Multiple Vulnerabilities
2024-04-12 00:00:00
kaspersky
kaspersky
KLA65584 Multiple vulnerabilities in Microsoft Browser
2024-04-12 00:00:00
KLA65530 Multiple vulnerabilities in Google Chrome
2024-04-10 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: chromium-123.0.6312.122-1.fc39
2024-04-15 01:12:24
[SECURITY] Fedora 38 Update: chromium-123.0.6312.122-1.fc38
2024-04-14 03:08:48
[SECURITY] Fedora 40 Update: chromium-123.0.6312.122-1.fc40
2024-04-19 21:44:41
openvas
openvas
Google Chrome Security Update (stable-channel-update-for-desktop_10-2024-04) - Windows
2024-04-11 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_10-2024-04) - Mac OS X
2024-04-11 00:00:00
Debian: Security Advisory (DSA-5656-1)
2024-04-12 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2024-04-10 00:00:00
debian
debian
[SECURITY] [DSA 5656-1] chromium security update
2024-04-11 18:27:13
[SECURITY] [DSA 5686-1] dav1d security update
2024-05-09 14:47:00
ubuntucve
ubuntucve
veracode
veracode
Heap Buffer Overflow
2024-04-14 03:25:25
Out-Of-Bounds
2024-04-14 08:50:36
Integer Overflow
2024-02-22 03:54:52
cvelist
cvelist
CVE-2024-3516
2024-04-10 18:41:38
CVE-2024-1580 Integer overflow in VideoLAN dav1d
2024-02-19 10:34:55
CVE-2024-3157
2024-04-10 18:41:38
apple
apple
About the security content of macOS Ventura 13.6.6
2024-03-25 00:00:00
About the security content of macOS Sonoma 14.4.1
2024-03-25 00:00:00
About the security content of iOS 17.4.1 and iPadOS 17.4.1
2024-03-21 00:00:00
mageia
mageia
Updated dav1d packages fix security vulnerability
2024-04-06 01:26:33
Updated chromium-browser-stable packages fix security vulnerabilities
2024-04-27 03:37:18
alpinelinux
alpinelinux
cve
cve
debiancve
debiancve
prion
prion
Integer overflow
2024-02-19 11:15:00
nvd
nvd
mscve
mscve
Chromium: CVE-2024-3157 Out of bounds write in Compositing
2024-04-12 15:52:08
Chromium: CVE-2024-3516 Heap buffer overflow in ANGLE
2024-04-12 15:52:06
Chromium: CVE-2024-3515 Use after free in Dawn
2024-04-12 15:52:02
vulnrichment
vulnrichment
CVE-2024-3515
2024-04-10 18:41:39
redos
redos
ROS-20240507-09
2024-05-07 00:00:00
5.9 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
7.8 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Related for FREEBSD_PKG_F90BF863E43C4DB3B5A8D9603684657A.NASL