Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2021-788.NASLHistoryMay 25, 2021 - 12:00 a.m.
openSUSE Security Update : mpv (openSUSE-2021-788)
2021-05-2500:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.1%
This update for mpv fixes the following issues :
- CVE-2021-30145: Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file (boo#1186230)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2021-788.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149885);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/29");
script_cve_id("CVE-2021-30145");
script_name(english:"openSUSE Security Update : mpv (openSUSE-2021-788)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for mpv fixes the following issues :
- CVE-2021-30145: Fixed format string vulnerability allows
user-assisted remote attackers to achieve code execution
via a crafted m3u playlist file (boo#1186230)");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1186230");
script_set_attribute(attribute:"solution", value:
"Update the affected mpv packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30145");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/18");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmpv1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmpv1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mpv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mpv-bash-completion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mpv-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mpv-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mpv-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mpv-zsh-completion");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.2", reference:"libmpv1-0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libmpv1-debuginfo-0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"mpv-0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"mpv-bash-completion-0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"mpv-debuginfo-0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"mpv-debugsource-0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"mpv-devel-0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"mpv-zsh-completion-0.32.0+git.20200301T004003.e7bab0025f-lp152.2.6.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmpv1 / libmpv1-debuginfo / mpv / mpv-bash-completion / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libmpv1 | p-cpe:/a:novell:opensuse:libmpv1 |
| novell | opensuse | libmpv1-debuginfo | p-cpe:/a:novell:opensuse:libmpv1-debuginfo |
| novell | opensuse | mpv | p-cpe:/a:novell:opensuse:mpv |
| novell | opensuse | mpv-bash-completion | p-cpe:/a:novell:opensuse:mpv-bash-completion |
| novell | opensuse | mpv-debuginfo | p-cpe:/a:novell:opensuse:mpv-debuginfo |
| novell | opensuse | mpv-debugsource | p-cpe:/a:novell:opensuse:mpv-debugsource |
| novell | opensuse | mpv-devel | p-cpe:/a:novell:opensuse:mpv-devel |
| novell | opensuse | mpv-zsh-completion | p-cpe:/a:novell:opensuse:mpv-zsh-completion |
| novell | opensuse | 15.2 | cpe:/o:novell:opensuse:15.2 |
Related
mageia
mageia
Updated mpv packages fix a security vulnerability
2021-06-08 17:33:02
alpinelinux
alpinelinux
CVE-2021-30145
2021-05-18 14:15:07
prion
prion
Format string
2021-05-18 14:15:00
cve
cve
CVE-2021-30145
2021-05-18 14:15:07
ubuntucve
ubuntucve
CVE-2021-30145
2021-05-18 00:00:00
gentoo
gentoo
mpv: Format string vulnerability
2021-07-20 00:00:00
cvelist
cvelist
CVE-2021-30145
2021-05-18 13:34:53
osv
osv
CVE-2021-30145
2021-05-18 14:15:07
veracode
veracode
Denial Of Service (DoS)
2021-04-27 11:07:17
openvas
openvas
openSUSE: Security Advisory for mpv (openSUSE-SU-2021:0788-1)
2021-05-25 00:00:00
Mageia: Security Advisory (MGASA-2021-0235)
2022-01-28 00:00:00
debiancve
debiancve
CVE-2021-30145
2021-05-18 14:15:07
suse
suse
Security update for mpv (important)
2021-05-28 00:00:00
Security update for mpv (important)
2021-05-24 00:00:00
nvd
nvd
CVE-2021-30145
2021-05-18 14:15:07
nessus
nessus
GLSA-202107-46 : mpv: Format string vulnerability
2022-01-24 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.1%
Related for OPENSUSE-2021-788.NASL