Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TencentOS Server 4: openssl (TSSA-2024:0596)

🗓️ 20 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 4 Views

TencentOS Server 4 OpenSSL prior version vulnerable to two flaws with denial of service; updates fix.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase
15 Jul 202413:22
ibm
IBM Security Bulletins		Security Bulletin: IBM DataPower Gateway vulnerable to DOS in OpenSSL (CVE-2024-0727)
14 May 202416:59
ibm
IBM Security Bulletins		Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by denial of service due to Python cryptography package
1 Apr 202609:46
ibm
IBM Security Bulletins		Security Bulletin: vulnerability in OpenSSL affects IBM Workload Scheduler.
3 Sep 202422:46
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.
12 Mar 202522:08
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.
19 Nov 202420:01
ibm
IBM Security Bulletins		Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service
13 May 202423:54
ibm
IBM Security Bulletins		Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Base OS issues
15 Apr 202503:20
ibm
IBM Security Bulletins		Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.7 is vulnerable to multiple Base OS issues
15 Apr 202503:13
ibm
IBM Security Bulletins		Security Bulletin: Denial of service vulnerabilities in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition
30 May 202418:50
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2024:0596.
##

include('compat.inc');

if (description)
{
  script_id(276113);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");

  script_cve_id("CVE-2023-6129", "CVE-2023-6237", "CVE-2024-0727");
  script_xref(name:"IAVA", value:"2024-A-0121-S");

  script_name(english:"TencentOS Server 4: openssl (TSSA-2024:0596)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 4 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0596 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2023-6237:
    A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a
    computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product
    of two or more large primes and this computation completes quickly. However, if n is a large prime, this
    computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key
    obtained from an untrusted source could be vulnerable to a Denial of Service attack.

    CVE-2024-0727:
    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
    to crash leading to a potential Denial of Service attack

    Impact summary: Applications loading files in the PKCS12 format from untrusted
    sources might terminate abruptly.

    A file in PKCS12 format can contain certificates and keys and may come from an
    untrusted source. The PKCS12 specification allows certain fields to be NULL, but
    OpenSSL does not correctly check for this case. This can lead to a NULL pointer
    dereference that results in OpenSSL crashing. If an application processes PKCS12
    files from an untrusted source using the OpenSSL APIs then that application will
    be vulnerable to this issue.

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
    PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
    and PKCS12_newpass().

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
    function is related to writing data we do not consider it security significant.

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    CVE-2023-6129:
    Issue summary: The POLY1305 MAC (message authentication code) implementation
    contains a bug that might corrupt the internal state of applications running
    on PowerPC CPU based platforms if the CPU provides vector instructions.

    Impact summary: If an attacker can influence whether the POLY1305 MAC
    algorithm is used, the application state might be corrupted with various
    application dependent consequences.

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for
    PowerPC CPUs restores the contents of vector registers in a different order
    than they are saved. Thus the contents of some of these vector registers
    are corrupted when returning to the caller. The vulnerable code is used only
    on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    The consequences of this kind of internal application state corruption can
    be various - from no consequences, if the calling application does not
    depend on the contents of non-volatile XMM registers at all, to the worst
    consequences, where the attacker could get complete control of the application
    process. However unless the compiler uses the vector registers for storing
    pointers, the most likely consequence, if any, would be an incorrect result
    of some application dependent calculations or a crash leading to a denial of
    service.

    The POLY1305 MAC algorithm is most frequently used as part of the
    CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
    algorithm. The most common usage of this AEAD cipher is with TLS protocol
    versions 1.2 and 1.3. If this cipher is enabled on the server a malicious
    client can influence whether this AEAD cipher is used. This implies that
    TLS server applications using OpenSSL can be potentially impacted. However
    we are currently not aware of any concrete application that would be affected
    by this issue therefore we consider this a Low severity security issue.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20240596.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-6129");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/10/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 4.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'openssl-3.0.12-3.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-3.0.12-3.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debuginfo-3.0.12-3.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debuginfo-3.0.12-3.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debugsource-3.0.12-3.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-debugsource-3.0.12-3.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-devel-3.0.12-3.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-devel-3.0.12-3.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-3.0.12-3.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-3.0.12-3.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-debuginfo-3.0.12-3.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-libs-debuginfo-3.0.12-3.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-perl-3.0.12-3.tl4', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'openssl-perl-3.0.12-3.tl4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-debuginfo / openssl-debugsource / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Nov 2025 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.16.5
EPSS0.03331
SSVC
openssl vulnerabilitydenial of servicepkcs12 crashrsa public checktencent server
4