Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:136141256231112202468581HistoryJul 01, 2024 - 12:00 a.m.
Ubuntu: Security Advisory (USN-6858-1)
2024-07-0100:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
Low
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.12.2024.6858.1");
script_cve_id("CVE-2023-49990", "CVE-2023-49991", "CVE-2023-49992", "CVE-2023-49993", "CVE-2023-49994");
script_tag(name:"creation_date", value:"2024-07-01 13:33:35 +0000 (Mon, 01 Jul 2024)");
script_version("2024-07-02T05:05:43+0000");
script_tag(name:"last_modification", value:"2024-07-02 05:05:43 +0000 (Tue, 02 Jul 2024)");
script_tag(name:"cvss_base", value:"4.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-12-14 19:09:14 +0000 (Thu, 14 Dec 2023)");
script_name("Ubuntu: Security Advisory (USN-6858-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(18\.04\ LTS|20\.04\ LTS|22\.04\ LTS|23\.10)");
script_xref(name:"Advisory-ID", value:"USN-6858-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6858-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'espeak-ng' package(s) announced via the USN-6858-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"It was discovered that eSpeak NG did not properly manage memory under certain
circumstances. An attacker could possibly use this issue to cause a denial
of service, or execute arbitrary code. (CVE-2023-49990, CVE-2023-49991,
CVE-2023-49992, CVE-2023-49993, CVE-2023-49994)");
script_tag(name:"affected", value:"'espeak-ng' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 23.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"espeak-ng", ver:"1.49.2+dfsg-1ubuntu0.1~esm1", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"espeak-ng-espeak", ver:"1.49.2+dfsg-1ubuntu0.1~esm1", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"espeak-ng", ver:"1.50+dfsg-6ubuntu0.1", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"espeak-ng-espeak", ver:"1.50+dfsg-6ubuntu0.1", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU22.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"espeak-ng", ver:"1.50+dfsg-10ubuntu0.1", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"espeak-ng-espeak", ver:"1.50+dfsg-10ubuntu0.1", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU23.10") {
if(!isnull(res = isdpkgvuln(pkg:"espeak-ng", ver:"1.51+dfsg-11ubuntu0.1", rls:"UBUNTU23.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"espeak-ng-espeak", ver:"1.51+dfsg-11ubuntu0.1", rls:"UBUNTU23.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
RHEL 8 : espeak-ng (Unpatched Vulnerability)
2024-05-11 00:00:00
Fedora 39 : espeak-ng (2024-5661c87b25)
2024-01-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0249)
2024-07-03 00:00:00
Fedora: Security Advisory for espeak-ng (FEDORA-2024-5661c87b25)
2024-01-18 00:00:00
Fedora: Security Advisory for espeak-ng (FEDORA-2024-698737a3c5)
2024-01-20 00:00:00
ubuntu
ubuntu
eSpeak NG vulnerabilities
2024-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: espeak-ng-1.51.1-6.fc39
2024-01-10 01:09:53
[SECURITY] Fedora 38 Update: espeak-ng-1.51.1-6.fc38
2024-01-19 03:25:07
osv
osv
espeak-ng vulnerabilities
2024-07-01 04:21:23
mageia
mageia
Updated espeak-ng packages fix security vulnerabilities
2024-07-02 19:23:27
cve
cve
debiancve
debiancve
cvelist
cvelist
veracode
veracode
Buffer Overflow
2023-12-21 08:42:59
Buffer Overflow
2023-12-21 11:36:44
Stack Buffer Underflow
2023-12-21 11:19:20
redhatcve
redhatcve
nvd
nvd
ubuntucve
ubuntucve
cbl_mariner
cbl_mariner
CVE-2023-49990 affecting package espeak-ng for versions less than 1.51.1-1
2024-03-19 17:21:46
prion
prion
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
Low
Related for OPENVAS:136141256231112202468581