Linux Distros Unpatched Vulnerability : CVE-2023-29197

🗓️ 27 Aug 2025 00:00:00Reported by TenableType

Unpatched vulnerability in a PHP HTTP library allows newline injection in header names and values.

Reporter	Title	Published	Views	Family All 103
FreeBSD	mantis -- multiple vulnerabilities	14 Oct 202300:00	–	freebsd
FreeBSD	mediawiki -- multiple vulnerabilities	21 Apr 202300:00	–	freebsd
Circl	CVE-2023-29197	27 Oct 202317:00	–	circl
CNNVD	PSR-7 Message Implementation 安全漏洞	17 Apr 202300:00	–	cnnvd
CVE	CVE-2023-29197	17 Apr 202321:08	–	cve
Cvelist	CVE-2023-29197 Improper header name validation in guzzlehttp/psr7	17 Apr 202321:08	–	cvelist
Debian	[SECURITY] [DLA 3705-1] php-guzzlehttp-psr7 security update	31 Dec 202322:52	–	debian
Debian CVE	CVE-2023-29197	17 Apr 202321:08	–	debiancve
Tenable Nessus	Debian dla-3705 : php-guzzlehttp-psr7 - security update	22 Jan 202500:00	–	nessus
Tenable Nessus	Fedora 38 : php-nyholm-psr7 (2023-b0811dc6e4)	29 Apr 202300:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2023-29197
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(257405);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/28");

  script_cve_id("CVE-2023-29197");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-29197");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to
    improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values.
    While the specification states that \r\n\r\n is used to terminate the header list, many servers in the
    wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue
    has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users
    are advised to upgrade. (CVE-2023-29197)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2023-29197");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-29197");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-guzzlehttp-psr7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:php-nyholm-psr7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "php-guzzlehttp-psr7"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "php-nyholm-psr7"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

28 Oct 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.15.3 - 7.5

EPSS0.04782