Lucene search

K
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310827628
HistoryApr 28, 2023 - 12:00 a.m.

Fedora: Security Advisory for protobuf (FEDORA-2022-15729fa33d)

2023-04-2800:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
22
security
advisory
fedora 36
cve-2022-3171
cve-2022-1941
protocol buffers
vendorfix

AI Score

8

Confidence

High

EPSS

0.003

Percentile

71.0%

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.827628");
  script_version("2023-10-12T05:05:32+0000");
  script_cve_id("CVE-2022-3171", "CVE-2022-1941");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-10-13 17:28:00 +0000 (Thu, 13 Oct 2022)");
  script_tag(name:"creation_date", value:"2023-04-28 01:05:23 +0000 (Fri, 28 Apr 2023)");
  script_name("Fedora: Security Advisory for protobuf (FEDORA-2022-15729fa33d)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC36");

  script_xref(name:"Advisory-ID", value:"FEDORA-2022-15729fa33d");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALXNKOD4ZUT2GUVJRL2I6X3SHUBG34CN");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'protobuf'
  package(s) announced via the FEDORA-2022-15729fa33d advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Protocol Buffers are a way of encoding structured data in an efficient
yet extensible format. Google uses Protocol Buffers for almost all of
its internal RPC protocols and file formats.

Protocol buffers are a flexible, efficient, automated mechanism for
serializing structured data  think XML, but smaller, faster, and
simpler. You define how you want your data to be structured once, then
you can use special generated source code to easily write and read
your structured data to and from a variety of data streams and using a
variety of languages. You can even update your data structure without
breaking deployed programs that are compiled against the 'old' format.");

  script_tag(name:"affected", value:"'protobuf' package(s) on Fedora 36.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC36") {

  if(!isnull(res = isrpmvuln(pkg:"protobuf", rpm:"protobuf~3.19.6~1.fc36", rls:"FC36"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);