Vulners
Lucene search
TencentOS Server 3: container-tools:rhel8 (TSSA-2024:0781)
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2024:0781.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(239203);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/04");
script_cve_id(
"CVE-2023-45290",
"CVE-2024-1394",
"CVE-2024-24783",
"CVE-2024-24784",
"CVE-2024-24789",
"CVE-2024-3727",
"CVE-2024-37298",
"CVE-2024-6104"
);
script_name(english:"TencentOS Server 3: container-tools:rhel8 (TSSA-2024:0781)");
script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0781 advisory.
Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:
CVE-2023-45290:
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with
Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed
form were not applied to the memory consumed while reading a single form line. This permits a maliciously
crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory,
potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits
the maximum size of form lines.
CVE-2024-1394:
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a
resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in
github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That
function uses named return parameters to free pkey and ctx if there is an error initializing the
context or setting the different properties. All return statements related to error cases follow the
return nil, nil, fail(...) pattern, meaning that pkey and ctx will be nil inside the deferred
function that should free them.
CVE-2024-3727:
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger
unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local
path traversal, and other attacks.
CVE-2024-6104:
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead
to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability,
CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.
CVE-2024-24783:
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause
Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth
to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not
verify client certificates.
CVE-2024-24784:
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names.
Since this is a misalignment with conforming address parsers, it can result in different trust decisions
being made by programs using different parsers.
CVE-2024-24789:
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most
zip implementations. This misalignment could be exploited to create an zip file with contents that vary
depending on the implementation reading the file. The archive/zip package now rejects files containing
these errors.
CVE-2024-37298:
gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running
schema.Decoder.Decode() on a struct that has a field of type []struct{...} opens it up to malicious
attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of
schema.Decoder.Decode() on a struct with arrays of other structs could be vulnerable to this memory
exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.
Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20240781.xml");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-6104");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:aardvark-dns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:buildah");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:cockpit-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:conmon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:container-selinux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:containernetworking-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:containers-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:crun");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:fuse-overlayfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:libslirp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:netavark");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:oci-seccomp-bpf-hook");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:python-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:runc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:skopeo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:slirp4netns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:toolbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:udica");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tencent Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl");
script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);
if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);
var constraints = [
{
'release': '3',
'pkgs': [
{'reference':'aardvark-dns-1.10.0-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'aardvark-dns-1.10.0-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-debuginfo-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-debuginfo-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-debugsource-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-debugsource-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-debuginfo-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-debuginfo-1.33.8-4.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cockpit-podman-84.1-1.module+el8.8.0+633+50937502', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'conmon-2.1.10-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'conmon-2.1.10-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'conmon-debuginfo-2.1.10-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'conmon-debuginfo-2.1.10-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'conmon-debugsource-2.1.10-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'conmon-debugsource-2.1.10-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'container-selinux-2.229.0-2.module+el8.8.0+633+50937502', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containernetworking-plugins-1.4.0-5.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containernetworking-plugins-1.4.0-5.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containernetworking-plugins-debuginfo-1.4.0-5.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containernetworking-plugins-debuginfo-1.4.0-5.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containernetworking-plugins-debugsource-1.4.0-5.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containernetworking-plugins-debugsource-1.4.0-5.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containers-common-1-82.module+el8.10.0+675+e6f3672e.ap.1', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containers-common-1-82.module+el8.10.0+675+e6f3672e.ap.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crit-3.18-5.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crit-3.18-5.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.18-5.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.18-5.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-debuginfo-3.18-5.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-debuginfo-3.18-5.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-debugsource-3.18-5.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-debugsource-3.18-5.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-devel-3.18-5.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-devel-3.18-5.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-libs-3.18-5.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-libs-3.18-5.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-libs-debuginfo-3.18-5.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-libs-debuginfo-3.18-5.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-1.14.3-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-1.14.3-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-debuginfo-1.14.3-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-debuginfo-1.14.3-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-debugsource-1.14.3-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-debugsource-1.14.3-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-1.13-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-1.13-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-debuginfo-1.13-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-debuginfo-1.13-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-debugsource-1.13-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-debugsource-1.13-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-4.4.0-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-4.4.0-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-debuginfo-4.4.0-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-debuginfo-4.4.0-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-debugsource-4.4.0-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-debugsource-4.4.0-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-devel-4.4.0-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-devel-4.4.0-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'netavark-1.10.3-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'netavark-1.10.3-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-1.2.10-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-1.2.10-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-debuginfo-1.2.10-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-debuginfo-1.2.10-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-debugsource-1.2.10-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-debugsource-1.2.10-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-catatonit-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-catatonit-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-catatonit-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-catatonit-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-debugsource-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-debugsource-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-docker-4.9.4-12.module+el8.10.0+675+e6f3672e', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-gvproxy-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-gvproxy-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-gvproxy-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-gvproxy-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-plugins-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-plugins-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-plugins-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-plugins-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-debuginfo-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-tests-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-tests-4.9.4-12.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-criu-3.18-5.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-criu-3.18-5.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-podman-4.9.0-2.module+el8.10.0+675+e6f3672e', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.1.12-4.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.1.12-4.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-debuginfo-1.1.12-4.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-debuginfo-1.1.12-4.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-debugsource-1.1.12-4.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-debugsource-1.1.12-4.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'skopeo-1.14.5-3.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'skopeo-1.14.5-3.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'skopeo-tests-1.14.5-3.module+el8.10.0+675+e6f3672e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'skopeo-tests-1.14.5-3.module+el8.10.0+675+e6f3672e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-1.2.3-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-1.2.3-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-debuginfo-1.2.3-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-debuginfo-1.2.3-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-debugsource-1.2.3-1.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-debugsource-1.2.3-1.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-0.0.99.5-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-0.0.99.5-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-debuginfo-0.0.99.5-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-debuginfo-0.0.99.5-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-debugsource-0.0.99.5-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-debugsource-0.0.99.5-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-tests-0.0.99.5-2.module+el8.8.0+633+50937502', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-tests-0.0.99.5-2.module+el8.8.0+633+50937502', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'udica-0.2.6-21.module+el8.8.0+633+50937502', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aardvark-dns / buildah / buildah-debuginfo / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Dec 2025 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.15.5 - 8.3
EPSS0.02017
SSVC