Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:136141256231112202359371HistoryMar 09, 2023 - 12:00 a.m.
Ubuntu: Security Advisory (USN-5937-1)
2023-03-0900:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
2
ubuntu
opusfile
security advisory
vulnerability
pointer arguments
denial of service
package update
lts
16.04
18.04
20.04
22.04
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.2%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.12.2023.5937.1");
script_cve_id("CVE-2022-47021");
script_tag(name:"creation_date", value:"2023-03-09 04:11:27 +0000 (Thu, 09 Mar 2023)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-01-27 14:45:49 +0000 (Fri, 27 Jan 2023)");
script_name("Ubuntu: Security Advisory (USN-5937-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|20\.04\ LTS|22\.04\ LTS)");
script_xref(name:"Advisory-ID", value:"USN-5937-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-5937-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'opusfile' package(s) announced via the USN-5937-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that Opusfile was not properly validating pointer
arguments in some of its functions, which could lead to a NULL pointer
dereference. An attacker could possibly use this issue to cause a denial
of service or have other unspecified impacts.");
script_tag(name:"affected", value:"'opusfile' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU16.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"libopusfile0", ver:"0.7-1ubuntu0.1~esm1", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"libopusfile0", ver:"0.9+20170913-1ubuntu0.18.04.1~esm1", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"libopusfile0", ver:"0.9+20170913-1ubuntu0.20.04.1~esm1", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU22.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"libopusfile0", ver:"0.9+20170913-1.1ubuntu0.1~esm1", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
fedora
fedora
[SECURITY] Fedora 36 Update: mingw-opusfile-0.12-6.fc36
2023-02-02 02:06:17
[SECURITY] Fedora 37 Update: mingw-opusfile-0.12-9.fc37
2023-02-02 02:19:28
[SECURITY] Fedora 37 Update: opusfile-0.12-9.fc37
2023-02-10 00:40:23
nessus
nessus
Fedora 37 : opusfile (2023-6d18f920d2)
2023-02-09 00:00:00
Fedora 37 : mingw-opusfile (2023-9cdfc21898)
2023-02-01 00:00:00
Fedora 36 : mingw-opusfile (2023-528f07b5af)
2023-02-01 00:00:00
osv
osv
opusfile vulnerability
2023-03-08 13:55:19
CVE-2022-47021
2023-01-20 19:15:17
openvas
openvas
Fedora: Security Advisory for mingw-opusfile (FEDORA-2023-528f07b5af)
2023-02-03 00:00:00
Fedora: Security Advisory for opusfile (FEDORA-2023-6b83109e4e)
2023-02-10 00:00:00
openSUSE: Security Advisory for opusfile (openSUSE-SU-2024:0013-1)
2024-03-04 00:00:00
alpinelinux
alpinelinux
CVE-2022-47021
2023-01-20 19:15:17
nvd
nvd
CVE-2022-47021
2023-01-20 19:15:17
veracode
veracode
Denial Of Service (DoS)
2023-03-08 16:49:54
redos
redos
ROS-20230130-02
2023-01-30 00:00:00
ubuntucve
ubuntucve
CVE-2022-47021
2023-01-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-47021 affecting package opusfile 0.12-2
2024-07-04 21:08:39
ubuntu
ubuntu
Opusfile vulnerability
2023-03-08 00:00:00
prion
prion
Null pointer dereference
2023-01-20 19:15:00
mageia
mageia
Updated opusfile packages fix security vulnerability
2023-02-07 03:06:39
cvelist
cvelist
CVE-2022-47021
2023-01-20 00:00:00
cve
cve
CVE-2022-47021
2023-01-20 19:15:17
debiancve
debiancve
CVE-2022-47021
2023-01-20 19:15:17
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.2%
Related for OPENVAS:136141256231112202359371