Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2022-1819.NASLHistoryNov 06, 2023 - 12:00 a.m.
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:1819)
2023-11-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
rocky linux 8
vulnerabilities
go toolset
buffer overflow
archive header
memory location after
uncontrolled memory consumption
misinterpret branch names
incorrect access control
invalid field element
9.3 High
AI Score
Confidence
High
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1819 advisory.
-
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)
-
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. (CVE-2021-39293)
-
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
(CVE-2021-41771) -
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. (CVE-2021-41772)
-
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)
-
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)
-
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:1819.
##
include('compat.inc');
if (description)
{
script_id(184743);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/14");
script_cve_id(
"CVE-2021-38297",
"CVE-2021-39293",
"CVE-2021-41771",
"CVE-2021-41772",
"CVE-2022-23772",
"CVE-2022-23773",
"CVE-2022-23806"
);
script_xref(name:"IAVB", value:"2022-B-0008-S");
script_xref(name:"RLSA", value:"2022:1819");
script_xref(name:"IAVB", value:"2021-B-0069-S");
script_name(english:"Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:1819)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2022:1819 advisory.
- Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function
invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)
- In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating
that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of
an incomplete fix for CVE-2021-33196. (CVE-2021-39293)
- ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3
Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
(CVE-2021-41771)
- Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP
archive containing an invalid name or an empty filename field. (CVE-2021-41772)
- Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to
Uncontrolled Memory Consumption. (CVE-2022-23772)
- cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to
be version tags. This can lead to incorrect access control if an actor is supposed to be able to create
branches but not tags. (CVE-2022-23773)
- Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return
true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:1819");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2006044");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2012887");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2014704");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2020725");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2020736");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2053429");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2053532");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2053541");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38297");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/18");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:delve");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:delve-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:delve-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:go-toolset");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-misc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-race");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-tests");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var pkgs = [
{'reference':'delve-1.7.2-1.module+el8.6.0+824+8e984c20', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'delve-debuginfo-1.7.2-1.module+el8.6.0+824+8e984c20', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'delve-debugsource-1.7.2-1.module+el8.6.0+824+8e984c20', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'go-toolset-1.17.7-1.module+el8.6.0+824+8e984c20', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'go-toolset-1.17.7-1.module+el8.6.0+824+8e984c20', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-1.17.7-1.module+el8.6.0+824+8e984c20', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-1.17.7-1.module+el8.6.0+824+8e984c20', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-bin-1.17.7-1.module+el8.6.0+824+8e984c20', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-bin-1.17.7-1.module+el8.6.0+824+8e984c20', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-docs-1.17.7-1.module+el8.6.0+824+8e984c20', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-misc-1.17.7-1.module+el8.6.0+824+8e984c20', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-race-1.17.7-1.module+el8.6.0+824+8e984c20', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-src-1.17.7-1.module+el8.6.0+824+8e984c20', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-tests-1.17.7-1.module+el8.6.0+824+8e984c20', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve / delve-debuginfo / delve-debugsource / go-toolset / golang / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rocky | linux | delve | p-cpe:/a:rocky:linux:delve |
| rocky | linux | delve-debuginfo | p-cpe:/a:rocky:linux:delve-debuginfo |
| rocky | linux | delve-debugsource | p-cpe:/a:rocky:linux:delve-debugsource |
| rocky | linux | go-toolset | p-cpe:/a:rocky:linux:go-toolset |
| rocky | linux | golang | p-cpe:/a:rocky:linux:golang |
| rocky | linux | golang-bin | p-cpe:/a:rocky:linux:golang-bin |
| rocky | linux | golang-docs | p-cpe:/a:rocky:linux:golang-docs |
| rocky | linux | golang-misc | p-cpe:/a:rocky:linux:golang-misc |
| rocky | linux | golang-race | p-cpe:/a:rocky:linux:golang-race |
| rocky | linux | golang-src | p-cpe:/a:rocky:linux:golang-src |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23806
bugzilla.redhat.com/show_bug.cgi?id=2006044
bugzilla.redhat.com/show_bug.cgi?id=2012887
bugzilla.redhat.com/show_bug.cgi?id=2014704
bugzilla.redhat.com/show_bug.cgi?id=2020725
bugzilla.redhat.com/show_bug.cgi?id=2020736
bugzilla.redhat.com/show_bug.cgi?id=2053429
bugzilla.redhat.com/show_bug.cgi?id=2053532
bugzilla.redhat.com/show_bug.cgi?id=2053541
errata.rockylinux.org/RLSA-2022:1819
Related
nessus
nessus
CentOS 8 : go-toolset:rhel8 (CESA-2022:1819)
2022-05-10 00:00:00
Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-1819)
2022-05-18 00:00:00
RHEL 8 : go-toolset:rhel8 (RHSA-2022:1819)
2022-05-11 00:00:00
redhat
redhat
(RHSA-2022:1819) Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
(RHSA-2022:4860) Moderate: Release of OpenShift Serverless Client kn 1.22.1
2022-06-01 09:10:05
(RHSA-2022:0432) Moderate: Release of OpenShift Serverless Client kn 1.20.0
2022-02-03 15:51:33
osv
osv
Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
Panic due to crafted inputs in archive/zip
2022-05-18 18:23:31
almalinux
almalinux
Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
oraclelinux
oraclelinux
go-toolset:ol8 security and bug fix update
2022-05-17 00:00:00
go-toolset:ol8addon security update
2022-06-08 00:00:00
rocky
rocky
go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
amazon
amazon
Important: golang
2022-07-06 03:11:00
Important: golang
2022-04-25 03:47:00
Medium: golang
2023-02-15 00:23:00
mageia
mageia
Updated golang packages fix security vulnerability
2021-10-13 22:39:52
Updated golang packages fix security vulnerability
2022-03-08 02:10:22
Updated golang packages fix security vulnerability
2021-12-03 21:45:31
ibm
ibm
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1534)
2022-04-25 00:00:00
Fedora: Security Advisory for golang (FEDORA-2021-2b2dd1b5a7)
2021-12-20 00:00:00
Fedora: Security Advisory for golang (FEDORA-2021-2ef35beebf)
2021-12-20 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: golang-1.16.11-1.fc34
2021-12-16 01:14:10
[SECURITY] Fedora 35 Update: golang-1.16.11-1.fc35
2021-12-16 01:18:21
suse
suse
Security update for go1.16 (important)
2022-03-04 00:00:00
Security update for go1.17 (important)
2022-03-04 00:00:00
Security update for go1.16 (moderate)
2021-12-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.17.7-alt1
2022-02-11 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.3-alt1
2021-11-04 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.2-alt1
2021-10-11 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-02-10 00:00:00
go -- multiple vulnerabilities
2021-11-04 00:00:00
go -- archive/zip: overflow in preallocation check can cause OOM panic
2021-08-18 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0159
2022-03-02 00:00:00
Critical Photon OS Security Update - PHSA-2022-0364
2022-02-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0159
2022-03-07 00:00:00
cve
cve
redhatcve
redhatcve
debian
debian
[SECURITY] [DLA 3395-1] golang-1.11 security update
2023-04-19 21:42:48
[SECURITY] [DLA 2892-1] golang-1.7 security update
2022-01-21 22:02:47
[SECURITY] [DLA 2891-1] golang-1.8 security update
2022-01-21 22:02:40
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2022-01-24 01:15:00
Buffer overflow
2021-10-18 06:15:00
Code injection
2021-11-08 06:15:00
alpinelinux
alpinelinux
CVE-2021-39293
2022-01-24 01:15:00
CVE-2021-38297
2021-10-18 06:15:00
debiancve
debiancve
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Golang Go
2023-11-15 20:52:36
veracode
veracode
Denial Of Service (DoS)
2021-10-11 04:53:12
Denial Of Service
2021-08-25 07:36:50
cbl_mariner
cbl_mariner
CVE-2021-41772 affecting package golang 1.16.9-1
2021-12-17 20:09:37
CVE-2021-41772 affecting package golang 1.17.1-2
2022-04-26 19:57:46
CVE-2021-38297 affecting package golang 1.17.1-2
2022-04-26 19:57:46
cnvd
cnvd
Google Go buffer error vulnerability
2021-10-24 00:00:00
Google Golang memory consumption overflow vulnerability
2022-02-14 00:00:00
Google Go Denial of Service Vulnerability (CNVD-2022-55062)
2022-04-01 00:00:00