Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TencentOS Server 3: ostree (TSSA-2023:0103)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 4 Views

Version of TencentOS Server 3 is outdated, exposing multiple vulnerabilities requiring updates.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: CVE-2022-2879, CVE-2022-41715, CVE-2022-2880, CVE-2022-41717, CVE-2022-41716 may affect IBM CICS TX Advanced
16 Mar 202315:24
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in Go may affect IBM CICS TX Standard
24 Feb 202310:43
ibm
IBM Security Bulletins		Security Bulletin: Open Source Dependency Vulnerability
15 May 202318:55
ibm
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities in IBM API Connect
15 Mar 202500:18
ibm
IBM Security Bulletins		Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd
19 Jun 202308:19
ibm
IBM Security Bulletins		Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)
24 May 202313:34
ibm
IBM Security Bulletins		Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go
31 Mar 202314:14
ibm
IBM Security Bulletins		Security Bulletin: IBM Cloud Pak for Data is vulnerable to a variety of issues due to 3rd party software
27 Sep 202417:52
ibm
IBM Security Bulletins		Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes (CVE-2022-3162, CVE-2022-3294)
17 May 202318:20
ibm
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
28 Feb 202421:30
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2023:0103.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(239281);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id(
    "CVE-2021-4235",
    "CVE-2022-1705",
    "CVE-2022-27664",
    "CVE-2022-2879",
    "CVE-2022-2880",
    "CVE-2022-2995",
    "CVE-2022-30631",
    "CVE-2022-3162",
    "CVE-2022-3172",
    "CVE-2022-32148",
    "CVE-2022-32189",
    "CVE-2022-32190",
    "CVE-2022-3259",
    "CVE-2022-3466",
    "CVE-2022-41715"
  );

  script_name(english:"TencentOS Server 3: ostree (TSSA-2023:0103)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0103 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

      CVE-2021-4235:
      A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously
    crafted YAML file can cause the system to consume significant system resources. If parsing user input,
    this may be used as a denial of service vector.
      CVE-2022-1705:
      A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating
    chunked encoding. This issue could allow request smuggling, but only if combined with an intermediate
    server that also improperly accepts the header as invalid.
      CVE-2022-2879:
      A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of
    file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw
    allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially
    causing resource exhaustion or panic.
      CVE-2022-2880:
      A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query
    parameters from the inbound request, including unparseable parameters rejected by net/http. This issue
    could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value.
    After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound
    request's form field is set after the reverse proxy. The director function returns, indicating that the
    proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the
    original query parameters unchanged.
      CVE-2022-2995:
      Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive
    information disclosure or possible data modification if an attacker has direct access to the affected
    container where supplementary groups are used to set access permissions and is able to execute a binary
    code in that container.
      CVE-2022-3162:
      A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource
    cluster-wide can read custom resources of a different kind in the same API group they are not authorized
    to read.
      CVE-2022-3172:
      A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect
    client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the
    client's API server credentials to third parties.
      CVE-2022-3259:
      Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle
    (MITM) attacks.
      CVE-2022-3466:
      The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6
    via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of
    cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via
    RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with
    inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For
    more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
      CVE-2022-27664:
      A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service
    because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
      CVE-2022-30631:
      A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number
    of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
      CVE-2022-32148:
      A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called
    with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set
    the client IP incorrectly. This issue may affect confidentiality.
      CVE-2022-32189:
      An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can
    cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to
    create a denial of service, impacting availability.
      CVE-2022-32190:
      A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to
    a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
      CVE-2022-41715:
      A flaw was found in the golang package, where programs that compile regular expressions from untrusted
    sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is
    linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a
    relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is
    limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than
    that are rejected. Routine use of regular expressions is unaffected.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20230103.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3172");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:ostree");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'ostree-2022.2-6.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-2022.2-6.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-debuginfo-2022.2-6.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-debuginfo-2022.2-6.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-debugsource-2022.2-6.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-debugsource-2022.2-6.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-devel-2022.2-6.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-devel-2022.2-6.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-grub2-2022.2-6.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-grub2-2022.2-6.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-libs-2022.2-6.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-libs-2022.2-6.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-libs-debuginfo-2022.2-6.tl3', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ostree-libs-debuginfo-2022.2-6.tl3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ostree / ostree-debuginfo / ostree-debugsource / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Nov 2025 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.17.5 - 8.2
EPSS0.03414
SSVC
tencentos servervulnerabilitiescve-2021-4235cve-2022-1705cve-2022-2879cve-2022-2880
4