| Reporter | Title | Published | Views | Family All 537 |
|---|---|---|---|---|
| CVE-2021-3497 | 19 Apr 202121:15 | – | attackerkb | |
| CVE-2022-1922 | 19 Jul 202220:15 | – | attackerkb | |
| CVE-2022-1924 | 19 Jul 202220:15 | – | attackerkb | |
| CVE-2022-1921 | 19 Jul 202220:15 | – | attackerkb | |
| CVE-2021-3498 | 19 Apr 202121:15 | – | attackerkb | |
| CVE-2022-1923 | 19 Jul 202220:15 | – | attackerkb | |
| CVE-2022-1925 | 19 Jul 202220:15 | – | attackerkb | |
| CVE-2022-2122 | 19 Jul 202220:15 | – | attackerkb | |
| CVE-2022-1920 | 19 Jul 202220:15 | – | attackerkb | |
| Amazon Linux 2 : gstreamer-plugins-good (ALAS-2023-2011) | 5 Apr 202300:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory gstreamer-plugins-good. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(196501);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2016-10199",
"CVE-2017-5840",
"CVE-2021-3497",
"CVE-2021-3498",
"CVE-2022-1920",
"CVE-2022-1921",
"CVE-2022-1922",
"CVE-2022-1923",
"CVE-2022-1924",
"CVE-2022-1925",
"CVE-2022-2122",
"CVE-2023-37327"
);
script_name(english:"RHEL 6 : gstreamer-plugins-good (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- gstreamer-plugins-good: Heap corruption in matroska demuxing (CVE-2021-3498)
- gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression (CVE-2022-2122)
- The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before
1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted
tag value. (CVE-2016-10199)
- The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3
allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the
current stts index. (CVE-2017-5840)
- GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain
malformed Matroska files. (CVE-2021-3497)
- Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a
heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap
overwrite. (CVE-2022-1920)
- Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while
parsing avi files. Potential for arbitrary code execution through heap overwrite. (CVE-2022-1921)
- DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux
element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite,
depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just
a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it
is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of
the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that
does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap
overwrite. (CVE-2022-1922)
- DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux
element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending
on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a
segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is
just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the
chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does
not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap
overwrite. (CVE-2022-1923)
- DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux
element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending
on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a
segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is
just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the
chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does
not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap
overwrite. (CVE-2022-1924)
- DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in
matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to
restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the
matroskaparse element has no size checks. (CVE-2022-1925)
- GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability
allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with
this library is required to exploit this vulnerability but attack vectors may vary depending on the
implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from
the lack of proper validation of user-supplied data, which can result in an integer overflow before
allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the
current process. Was ZDI-CAN-20775. (CVE-2023-37327)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3498");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-2122");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gstreamer1-plugins-good");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw-virt-viewer");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'gstreamer-plugins-good', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gstreamer-plugins-good'}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gstreamer-plugins-good');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation