Lucene search
K

TencentOS Server 3: curl (TSSA-2024:0097)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 6 Views

TencentOS Server 3 is vulnerable due to outdated curl version, affecting data handling and security.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Certificate, and Base Module affected by multiple vulnerabilities (CVE-2023-28322, CVE-2023-28320, CVE-2023-28319, CVE-2023-28321)
2 Oct 202316:16
ibm
IBM Security Bulletins
Security Bulletin: IBM App Connect Enterprise is vulnerable to a heap-based buffer overflow due to libcurl and cURL. (CVE-2023-38546, CVE-2023-38545)
20 Nov 202315:27
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
15 Apr 202502:41
ibm
IBM Security Bulletins
Security Bulletin: IBM Storage Ceph is vulnerable to the Insertion of Sensitive Information Into Sent Data in the RHEL UBI (CVE-2023-46218)
5 Aug 202420:44
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
24 Jul 202317:54
ibm
IBM Security Bulletins
Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-28322)
19 Jan 202422:09
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability with GNU glibc & libcURL affect IBM Cloud Object Storage Systems (Nov2023v1)
14 Nov 202322:53
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V
18 Jun 202422:03
ibm
IBM Security Bulletins
Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions
20 Feb 202503:40
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in libcurl may affect IBM Storage Scale System (CVE-2023-28322)
4 Apr 202411:15
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2024:0097.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(238645);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/22");

  script_cve_id("CVE-2023-28322", "CVE-2023-38546", "CVE-2023-46218");
  script_xref(name:"CEA-ID", value:"CEA-2023-0052");

  script_name(english:"TencentOS Server 3: curl (TSSA-2024:0097)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0097 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2023-28322:
    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might
    erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the
    CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which
    used that callback. This flaw may surprise the application and cause it to misbehave and either send off
    the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic
    for a reused handle when it is (expected to be) changed from a PUT to a POST.

    CVE-2023-38546:
    A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running
    program using libcurl if the specific series of conditions are met.

    CVE-2023-46218:
    A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue
    could allow a malicious HTTP server to set super cookies in curl that are passed back to more origins
    than what is otherwise allowed or possible.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20240097.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-38546");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-46218");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:curl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'curl-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-debuginfo-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-debuginfo-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-debugsource-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-debugsource-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-minimal-debuginfo-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'curl-minimal-debuginfo-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-debuginfo-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-debuginfo-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-devel-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-devel-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-minimal-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-minimal-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-minimal-debuginfo-7.61.1-33.tl3.5', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'libcurl-minimal-debuginfo-7.61.1-33.tl3.5', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl / curl-debuginfo / curl-debugsource / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

22 Nov 2025 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.16.5
EPSS0.06208
SSVC
6