#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2024:0222.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when `description` is set the plugin only declares its
# metadata and leaves through the exit(0) at the end of this block; none of
# the host checks further down the file are run in that case.
if (description)
{
script_id(238513);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/04");
# CVEs attributed to advisory TSSA-2024:0222; each one is described in the
# advisory text reproduced in the "description" attribute below.
script_cve_id(
"CVE-2023-45288",
"CVE-2023-45289",
"CVE-2023-45290",
"CVE-2024-24783",
"CVE-2024-24784",
"CVE-2024-24785"
);
script_name(english:"TencentOS Server 3: go-toolset:rhel8 (TSSA-2024:0222)");
script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
# The advisory text is kept verbatim. Its closing note states that the
# issues themselves are not tested and that the result relies only on the
# self-reported version number.
# NOTE(review): in the CVE-2023-45289 paragraph the sentences about headers
# not being forwarded across domains read as the intended behaviour; the flaw
# is the final sentence (a crafted redirect causing sensitive headers to be
# forwarded unexpectedly).
# NOTE(review): the flaws described are in Go's HTTP/2 implementation and
# standard library packages. Go programs normally link that code statically,
# so binaries built with the older toolchain presumably stay affected after
# these RPMs are updated until they are rebuilt; this plugin does not look at
# such binaries.
script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0222 advisory.
Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:
CVE-2023-45288:
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming
language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single
stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
CVE-2023-45289:
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a
domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not
forward sensitive headers such as Authorization or Cookie. For example, a redirect from foo.com to
www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously
crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
CVE-2023-45290:
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either
explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or
Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed
while reading a single form line. This issue permitted a maliciously crafted input containing very long
lines to cause allocation of arbitrarily large amounts of memory, potentially leading to a denial of
service.
CVE-2024-24783:
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains
a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue
affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or
RequireAndVerifyClientCert.
CVE-2024-24784:
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly
handles comments (text within parentheses) within display names. Since this is a misalignment with
conforming address parsers, it can result in different trust decisions made by programs using different
parsers.
CVE-2024-24785:
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON
methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of
the html/template package, allowing subsequent actions to inject unexpected content into templates.
Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20240222.xml");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
# Both base vectors score an integrity-only impact (C:N, I:C / I:H, A:N),
# while several of the CVEs above are described as denial of service.
# NOTE(review): the CVSS v2 score is attributed to CVE-2024-24785 and the
# CVSS v3 score to CVE-2024-24784; confirm the differing sources are intended
# before using the plugin-level score to prioritise the individual CVEs.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-24785");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-24784");
# Exploit maturity is declared as available, in line with the E:POC / E:P
# values in the temporal vectors above.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/22");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");
# Declared as a "local" plugin; it depends on ssh_get_info2.nasl and on KB
# data gathered from the host (see the dependencies and required keys below).
script_set_attribute(attribute:"plugin_type", value:"local");
# One OS CPE plus one package CPE per package family named in the advisory.
script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:delve");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:go-toolset");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:golang");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tencent Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl");
# KB entries the plugin requires: local checks enabled, os-release contents,
# the TencentOS RPM list and the CPU architecture.
script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
# ---- Preconditions -------------------------------------------------------
# Every gate below hands a reason code to audit() when it is not met:
# local checks enabled, product is TencentOS, version is 3.x, an RPM list
# was collected, and the CPU architecture is one this check accepts.

if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Product name recorded for the SSH-detected operating system.
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || !('TencentOS' >< os_product))
{
  audit(AUDIT_OS_NOT, 'TencentOS');
}

# Version must be known and start with "3" followed by a non-digit or the
# end of the string, so "3" and "3.x" pass while "30" or "31" do not.
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version))
{
  audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
}
if (! preg(pattern:"^3([^0-9]|$)", string:os_version))
{
  audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item('Host/TencentOS/rpm-list'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Accepted architectures: x86_64, i386-i686, anything containing "s390",
# and aarch64. The package table in this file only carries aarch64, x86_64
# and architecture-neutral entries.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!('x86_64' >< cpu || cpu =~ "^i[3-6]86$" || 's390' >< cpu || 'aarch64' >< cpu))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);
}
# Package builds listed for TSSA-2024:0222, grouped under the OS release they
# apply to. Each entry is handed to rpm_check() by the loop further down:
#   'reference'         - package name plus the version-release to compare with
#   'cpu'               - restricts the entry to one architecture when present
#   'rpm_spec_vers_cmp' - passed through unchanged to rpm_check()
# NOTE(review): the plugin title names the go-toolset:rhel8 module stream and
# the builds carry a "module+el8.8.0" tag, but nothing in this table selects
# on the enabled module stream; matching is by package name and version only.
var constraints = [
  {
    'release': '3',
    'pkgs': [
      # delve (debugger) and its debug packages
      {'reference':'delve-1.21.2-3.module+el8.8.0+632+2dde9914', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'delve-1.21.2-3.module+el8.8.0+632+2dde9914', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'delve-debuginfo-1.21.2-3.module+el8.8.0+632+2dde9914', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'delve-debuginfo-1.21.2-3.module+el8.8.0+632+2dde9914', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'delve-debugsource-1.21.2-3.module+el8.8.0+632+2dde9914', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'delve-debugsource-1.21.2-3.module+el8.8.0+632+2dde9914', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},

      # go-toolset and the architecture-specific golang packages
      {'reference':'go-toolset-1.21.9-1.module+el8.8.0+632+2dde9914', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'go-toolset-1.21.9-1.module+el8.8.0+632+2dde9914', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'golang-1.21.9-1.module+el8.8.0+632+2dde9914', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'golang-1.21.9-1.module+el8.8.0+632+2dde9914', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'golang-bin-1.21.9-1.module+el8.8.0+632+2dde9914', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'golang-bin-1.21.9-1.module+el8.8.0+632+2dde9914', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},

      # golang sub-packages listed without a 'cpu' restriction
      {'reference':'golang-docs-1.21.9-1.module+el8.8.0+632+2dde9914', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'golang-misc-1.21.9-1.module+el8.8.0+632+2dde9914', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'golang-src-1.21.9-1.module+el8.8.0+632+2dde9914', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'golang-tests-1.21.9-1.module+el8.8.0+632+2dde9914', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];
# Release and minor-release values of the scanned host; they decide which
# constraint groups apply.
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

# Counts the package entries for which rpm_check() returned true.
var flag = 0;

# Per-entry scratch variables, refilled for every package in the table.
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;

foreach var constraint ( constraints )
{
  # A constraint that names a release (or minor release) applies only when it
  # equals the host's value. NOTE(review): a host whose recorded release
  # differs from the table's value skips the whole group, so no package is
  # compared and the script ends in the "not affected / not installed" audit.
  if (!empty_or_null(constraint['release']) && constraint['release'] != os_release) continue;
  if (!empty_or_null(constraint['sp']) && constraint['sp'] != os_sp) continue;

  foreach var pkg ( constraint['pkgs'] )
  {
    # Copy each optional field, using NULL for anything absent or empty so a
    # value from the previous entry can never leak into this one.
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    else reference = NULL;
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    else sp = NULL;
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    else _cpu = NULL;
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    else el_string = NULL;
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    else rpm_spec_vers_cmp = NULL;
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    else epoch = NULL;
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    else allowmaj = NULL;
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    else exists_check = NULL;
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    else cves = NULL;

    # An entry without a reference build cannot be compared.
    if (!reference) continue;

    # When the entry names a prerequisite rpm, it must be installed;
    # entries without one are always compared.
    if (exists_check && !rpm_exists(rpm:exists_check)) continue;

    if (rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves))
    {
      flag++;
    }
  }
}
# Outcome: either audit that nothing was flagged, or raise one finding for
# the host carrying the text accumulated in the rpm report.
if (!flag)
{
  # Separate "packages were compared and passed" from "none of the listed
  # packages was there to compare".
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'delve / delve-debuginfo / delve-debugsource / etc');
}
else
{
  # The finding is reported on port 0 with a fixed SECURITY_HOLE severity;
  # the report body comes from rpm_report_get().
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}