Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MARINER_HELM_CVE-2022-23525.NASLHistoryMar 20, 2023 - 12:00 a.m.
CBL Mariner 2.0 Security Update: helm (CVE-2022-23525)
2023-03-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
0.001 Low
EPSS
Percentile
37.7%
The version of helm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23525 advisory.
- Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The repo package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The repo package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the repo package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the repo functions. (CVE-2022-23525)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(172898);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/28");
script_cve_id("CVE-2022-23525");
script_name(english:"CBL Mariner 2.0 Security Update: helm (CVE-2022-23525)");
script_set_attribute(attribute:"synopsis", value:
"The remote CBL Mariner host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of helm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected
by a vulnerability as referenced in the CVE-2022-23525 advisory.
- Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are
subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that
processes the index file of a repository. For example, the Helm client adds references to chart
repositories where charts are managed. The _repo_ package parses the index file of the repository and
loads it into structures Go can work with. Some index files can cause array data structures to be created
causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index
file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm
Client will panic with an index file that causes a memory violation panic. Helm is not a long running
service so the panic will not affect future uses of the Helm client. This issue has been patched in
3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_
functions. (CVE-2022-23525)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-23525");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23525");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/13");
script_set_attribute(attribute:"patch_publication_date", value:"2022/12/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:helm");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:cbl-mariner");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MarinerOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CBLMariner/release", "Host/CBLMariner/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/CBLMariner/release');
if (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');
var os_ver = pregmatch(pattern: "CBL-Mariner ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');
os_ver = os_ver[1];
if (! preg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);
if (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);
var pkgs = [
{'reference':'helm-3.9.4-4.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'helm-3.9.4-4.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'helm');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | cbl-mariner | helm | p-cpe:/a:microsoft:cbl-mariner:helm |
| microsoft | cbl-mariner | x-cpe:/o:microsoft:cbl-mariner |
Related
osv
osv
BIT-helm-2022-23525
2024-03-06 10:53:55
Helm vulnerable to denial of service through through repository index file
2022-12-14 21:38:31
CVE-2022-23525
2022-12-15 19:15:17
cvelist
cvelist
cgr
cgr
CVE-2022-23525 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2022-23525 affecting package helm 3.4.1-13
2023-01-12 20:54:55
CVE-2022-23525 affecting package helm for versions less than 3.9.4-4
2023-01-03 20:57:19
redhatcve
redhatcve
CVE-2022-23525
2022-12-16 10:05:01
gitlab
gitlab
Helm vulnerable to denial of service through through repository index file
2022-12-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-12-16 03:39:58
nvd
nvd
CVE-2022-23525
2022-12-15 19:15:17
alpinelinux
alpinelinux
CVE-2022-23525
2022-12-15 19:15:00
prion
prion
Null pointer dereference
2022-12-15 19:15:00
github
github
Helm vulnerable to denial of service through through repository index file
2022-12-14 21:38:31
cve
cve
CVE-2022-23525
2022-12-15 19:15:17
redhat
redhat
nessus
nessus
SUSE SLED15 / SLES15 Security Update : helm (SUSE-SU-2022:4606-1)
2022-12-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4606-1)
2022-12-23 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-03-30 15:19:31