TencentOS Server 3: rust-toolset:rhel8 (TSSA-2022:0116)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType

TencentOS Server 3 is vulnerable to multiple issues impacting security, requiring immediate updates.

Reporter	Title	Published	Views	Family All 409
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.	16 May 202206:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	29 Apr 202502:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture is using components with known vulnerabilities	31 Mar 202214:40	–	ibm
GithubExploit	Exploit for Code Injection in Unicode	30 Jun 202122:06	–	githubexploit
GithubExploit	Exploit for Code Injection in Unicode	15 Mar 202611:56	–	githubexploit
GithubExploit	Exploit for Code Injection in Unicode	31 Jan 202318:15	–	githubexploit
FreeBSD	Rust -- violation of Rust's safety guarantees	9 May 201900:00	–	freebsd
Tenable Nessus	Amazon Linux 2022 : cpp, gcc, gcc-c++ (ALAS2022-2022-057)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : gcc (ALAS2022-2022-222)	9 Dec 202200:00	–	nessus

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20220116.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2022:0116.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(238638);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/05");

  script_cve_id("CVE-2019-12083", "CVE-2021-42574");

  script_name(english:"TencentOS Server 3: rust-toolset:rhel8 (TSSA-2022:0116)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0116 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2019-12083:
    The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if
    overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method
    is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in
    safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is
    unaffected.

    CVE-2021-42574:
    ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through
    14.0. It permits the visual reordering of characters via control sequences, which can be used to craft
    source code that renders different logic than the logical ordering of tokens ingested by compilers and
    interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such
    that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium
    offers the following alternative approach to presenting this concern. An issue is noted in the nature of
    international text that can affect applications that implement support for The Unicode Standard and the
    Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-
    right and right-to-left characters, the visual order of tokens may be different from their logical order.
    Additionally, control characters needed to fully support the requirements of bidirectional text can
    further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such
    that the ordering of tokens perceived by human reviewers does not match what will be processed by a
    compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its
    document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also
    provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode
    Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the
    BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading
    visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20220116.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12083");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-42574");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:rust");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:rust-toolset");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'cargo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'cargo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'cargo-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'cargo-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'cargo-doc-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'clippy-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'clippy-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'clippy-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'clippy-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rls-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rls-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rls-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rls-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-analysis-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-analysis-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-debugger-common-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-debugsource-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-debugsource-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-doc-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-doc-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-gdb-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-lldb-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-src-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-std-static-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-std-static-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-toolset-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rust-toolset-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rustfmt-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rustfmt-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rustfmt-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rustfmt-debuginfo-1.58.1-1.module+el8.6.0+43+f7b70e3d', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cargo / cargo-debuginfo / cargo-doc / etc');
}

05 Dec 2025 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 26.8

CVSS 3.18.3

EPSS0.24988

SSVC