TencentOS Server 3: mysql:8.0 (TSSA-2025:0204)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2025:0204.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(238953);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/04");

  script_cve_id(
    "CVE-2024-11053",
    "CVE-2024-21193",
    "CVE-2024-21194",
    "CVE-2024-21196",
    "CVE-2024-21197",
    "CVE-2024-21198",
    "CVE-2024-21199",
    "CVE-2024-21201",
    "CVE-2024-21203",
    "CVE-2024-21212",
    "CVE-2024-21213",
    "CVE-2024-21218",
    "CVE-2024-21219",
    "CVE-2024-21230",
    "CVE-2024-21231",
    "CVE-2024-21236",
    "CVE-2024-21237",
    "CVE-2024-21238",
    "CVE-2024-21239",
    "CVE-2024-21241",
    "CVE-2024-21247",
    "CVE-2024-37371",
    "CVE-2024-5535",
    "CVE-2024-7264",
    "CVE-2025-21490",
    "CVE-2025-21491",
    "CVE-2025-21494",
    "CVE-2025-21497",
    "CVE-2025-21500",
    "CVE-2025-21501",
    "CVE-2025-21503",
    "CVE-2025-21504",
    "CVE-2025-21505",
    "CVE-2025-21518",
    "CVE-2025-21519",
    "CVE-2025-21520",
    "CVE-2025-21521",
    "CVE-2025-21522",
    "CVE-2025-21523",
    "CVE-2025-21525",
    "CVE-2025-21529",
    "CVE-2025-21531",
    "CVE-2025-21534",
    "CVE-2025-21536",
    "CVE-2025-21540",
    "CVE-2025-21543",
    "CVE-2025-21546",
    "CVE-2025-21555",
    "CVE-2025-21559"
  );

  script_name(english:"TencentOS Server 3: mysql:8.0 (TSSA-2025:0204)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0204 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

    CVE-2024-5535:
    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
    empty supported client protocols buffer may cause a crash or memory contents to
    be sent to the peer.

    Impact summary: A buffer overread can have a range of potential consequences
    such as unexpected application beahviour or a crash. In particular this issue
    could result in up to 255 bytes of arbitrary private data from memory being sent
    to the peer leading to a loss of confidentiality. However, only applications
    that directly call the SSL_select_next_proto function with a 0 length list of
    supported client protocols are affected by this issue. This would normally never
    be a valid scenario and is typically not under attacker control but may occur by
    accident in the case of a configuration or programming error in the calling
    application.

    The OpenSSL API function SSL_select_next_proto is typically used by TLS
    applications that support ALPN (Application Layer Protocol Negotiation) or NPN
    (Next Protocol Negotiation). NPN is older, was never standardised and
    is deprecated in favour of ALPN. We believe that ALPN is significantly more
    widely deployed than NPN. The SSL_select_next_proto function accepts a list of
    protocols from the server and a list of protocols from the client and returns
    the first protocol that appears in the server list that also appears in the
    client list. In the case of no overlap between the two lists it returns the
    first item in the client list. In either case it will signal whether an overlap
    between the two lists was found. In the case where SSL_select_next_proto is
    called with a zero length client list it fails to notice this condition and
    returns the memory immediately following the client list pointer (and reports
    that there was no overlap in the lists).

    This function is typically called from a server side application callback for
    ALPN or a client side application callback for NPN. In the case of ALPN the list
    of protocols supplied by the client is guaranteed by libssl to never be zero in
    length. The list of server protocols comes from the application and should never
    normally be expected to be of zero length. In this case if the
    SSL_select_next_proto function has been called as expected (with the list
    supplied by the client passed in the client/client_len parameters), then the
    application will not be vulnerable to this issue. If the application has
    accidentally been configured with a zero length server list, and has
    accidentally passed that zero length server list in the client/client_len
    parameters, and has additionally failed to correctly handle a no overlap
    response (which would normally result in a handshake failure in ALPN) then it
    will be vulnerable to this problem.

    In the case of NPN, the protocol permits the client to opportunistically select
    a protocol when there is no overlap. OpenSSL returns the first client protocol
    in the no overlap case in support of this. The list of client protocols comes
    from the application and should never normally be expected to be of zero length.
    However if the SSL_select_next_proto function is accidentally called with a
    client_len of 0 then an invalid memory pointer will be returned instead. If the
    application uses this output as the opportunistic protocol then the loss of
    confidentiality will occur.

    This issue has been assessed as Low severity because applications are most
    likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not
    widely used. It also requires an application configuration or programming error.
    Finally, this issue would not typically be under attacker control making active
    exploitation unlikely.

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    Due to the low severity of this issue we are not issuing new releases of
    OpenSSL at this time. The fix will be included in the next releases when they
    become available.

    CVE-2024-7264:
    libcurl's ASN1 parser code has the GTime2str() function, used for parsing an
    ASN.1 Generalized Time field. If given an syntactically incorrect field, the
    parser might end up using -1 for the length of the *time fraction*, leading to
    a strlen() getting performed on a pointer to a heap buffer area that is not
    (purposely) null terminated.

    This flaw most likely leads to a crash, but can also lead to heap contents
    getting returned to the application when
    [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.

    CVE-2024-11053:
    When asked to both use a .netrc file for credentials and to follow HTTP
    redirects, curl could leak the password used for the first host to the
    followed-to host under certain circumstances.

    This flaw only manifests itself if the netrc file has an entry that matches
    the redirect target hostname but the entry either omits just the password or
    omits both login and password.

    CVE-2024-21193:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS).  Supported versions
    that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21194:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21196:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21197:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
    Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily
    exploitable vulnerability allows high privileged attacker with network access via multiple protocols to
    compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9
    (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21198:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).  Supported versions
    that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21199:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21201:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21203:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS).  Supported versions
    that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21212:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor).  Supported
    versions that are affected are 8.0.39 and prior and  8.4.0. Difficult to exploit vulnerability allows high
    privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful
    attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
    crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts).  CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21213:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability
    allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise
    MySQL Server.  Successful attacks require human interaction from a person other than the attacker.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).

    CVE-2024-21218:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21219:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).  Supported versions
    that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21230:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21231:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Difficult to
    exploit vulnerability allows low privileged attacker with network access via multiple protocols to
    compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to
    cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).

    CVE-2024-21236:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21237:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS).
    Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Difficult
    to exploit vulnerability allows high privileged attacker with network access via multiple protocols to
    compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to
    cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).

    CVE-2024-21238:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.1 and prior and  9.0.1 and prior. Difficult to
    exploit vulnerability allows low privileged attacker with network access via multiple protocols to
    compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3
    (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21239:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21241:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2024-21247:
    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Client.  Successful attacks of this vulnerability can result in  unauthorized update, insert or
    delete access to some of MySQL Client accessible data as well as  unauthorized read access to a subset of
    MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).

    CVE-2024-37371:
    In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message
    token handling by sending message tokens with invalid length fields.

    CVE-2025-21490:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21491:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21494:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Difficult
    to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL
    Server executes to compromise MySQL Server.  Successful attacks of this vulnerability can result in
    unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS
    3.1 Base Score 4.1 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21497:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access
    to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).
    CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

    CVE-2025-21500:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported
    versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21501:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported
    versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21503:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21504:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows high privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21505:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily
    exploitable vulnerability allows high privileged attacker with network access via multiple protocols to
    compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9
    (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21518:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported
    versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21519:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Difficult
    to exploit vulnerability allows high privileged attacker with network access via multiple protocols to
    compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4
    (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21520:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options).  Supported
    versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Difficult to
    exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server
    executes to compromise MySQL Server.  Successful attacks require human interaction from a person other
    than the attacker. Successful attacks of this vulnerability can result in  unauthorized read access to a
    subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts).  CVSS Vector:
    (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).

    CVE-2025-21521:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling).  Supported
    versions that are affected are 8.0.39 and prior, 8.4.2 and prior and  9.0.1 and prior. Easily exploitable
    vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21522:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).  Supported versions
    that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable
    vulnerability allows low privileged attacker with network access via multiple protocols to compromise
    MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang
    or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability
    impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21523:
    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that
    are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS
    Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

    CVE-2025-21525:
    Vulnerability in the MySQL Server product of Oracle MySQL  ...

  Please note that the description has been truncated due to length. Please refer to vendor advisory for the full
description.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20250204.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-37371");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/02/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:mecab");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:mecab-ipadic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:mysql");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'mecab-0.996-2.module+el8.8.0+484+537fff7e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-0.996-2.module+el8.8.0+484+537fff7e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-debuginfo-0.996-2.module+el8.8.0+484+537fff7e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-debuginfo-0.996-2.module+el8.8.0+484+537fff7e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-debugsource-0.996-2.module+el8.8.0+484+537fff7e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-debugsource-0.996-2.module+el8.8.0+484+537fff7e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-devel-0.996-2.module+el8.8.0+484+537fff7e', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-devel-0.996-2.module+el8.8.0+484+537fff7e', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-ipadic-2.7.0.20070801-17.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-ipadic-2.7.0.20070801-17.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-17.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-17.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-common-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-common-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-debugsource-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-debugsource-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-devel-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-errmsg-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-errmsg-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-libs-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-server-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-server-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-server-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-server-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-test-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-test-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-test-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'mysql-test-debuginfo-8.0.41-1.module+el8.10.0+727+ecc1cc8b', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-debuginfo / mecab-debugsource / etc');
}