Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562311220233165HistoryNov 10, 2023 - 12:00 a.m.
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-3165)
2023-11-1000:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
2
huawei euleros
binutils
security advisory
vulnerabilities
denial of service
memory leaks
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.4%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.3165");
script_cve_id("CVE-2021-46174", "CVE-2022-47007", "CVE-2022-47008", "CVE-2022-47010", "CVE-2022-47011", "CVE-2022-47673", "CVE-2022-47695", "CVE-2022-47696", "CVE-2022-48063", "CVE-2022-48064", "CVE-2022-48065");
script_tag(name:"creation_date", value:"2023-11-10 04:21:14 +0000 (Fri, 10 Nov 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-08-26 02:15:04 +0000 (Sat, 26 Aug 2023)");
script_name("Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-3165)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP10");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-3165");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-3165");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'binutils' package(s) announced via the EulerOS-SA-2023-3165 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.(CVE-2022-47696)
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.(CVE-2022-47695)
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.(CVE-2022-47673)
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.(CVE-2021-46174)
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47011)
An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47008)
An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47010)
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47007)
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.(CVE-2022-48065)
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.(CVE-2022-48064)
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.(CVE-2022-48063)");
script_tag(name:"affected", value:"'binutils' package(s) on Huawei EulerOS V2.0SP10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP10") {
if(!isnull(res = isrpmvuln(pkg:"binutils", rpm:"binutils~2.34~4.h22.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-3490)
2023-12-22 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-3200)
2023-11-10 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-2891)
2023-10-09 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : binutils (EulerOS-SA-2023-3200)
2024-01-16 00:00:00
EulerOS Virtualization 2.10.1 : binutils (EulerOS-SA-2023-3490)
2024-01-16 00:00:00
EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2023-3097)
2024-01-16 00:00:00
redos
redos
ROS-20231013-05
2023-10-13 00:00:00
ROS-20240410-08
2024-04-10 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0478
2023-09-25 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0096
2023-09-20 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0468
2023-09-09 00:00:00
cloudlinux
cloudlinux
binutils: Fix of 3 CVEs
2023-09-12 16:40:09
osv
osv
binutils vulnerabilities
2024-02-26 10:13:22
binutils vulnerabilities
2024-01-15 11:57:53
binutils vulnerabilities
2023-10-04 17:09:59
cloudfoundry
cloudfoundry
USN-6655-1: GNU binutils vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
USN-6581-1: GNU binutils vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
ubuntu
ubuntu
GNU binutils vulnerabilities
2024-02-26 00:00:00
GNU binutils vulnerabilities
2024-01-15 00:00:00
GNU binutils vulnerabilities
2023-10-04 00:00:00
amazon
amazon
Medium: binutils
2024-01-03 21:04:00
fedora
fedora
[SECURITY] Fedora 39 Update: gdb-13.2-10.fc39
2023-11-03 18:57:37
[SECURITY] Fedora 38 Update: gdb-13.2-6.fc38
2023-10-23 03:00:12
[SECURITY] Fedora 37 Update: gdb-13.2-3.fc37
2023-10-13 01:33:49
redhatcve
redhatcve
alpinelinux
alpinelinux
prion
prion
Memory corruption
2023-08-22 19:16:00
Design/Logic Flaw
2023-08-22 19:16:00
Denial of service
2023-08-22 19:16:00
veracode
veracode
Memory Leaks
2023-08-25 21:46:41
Denial Of Service (DoS)
2023-08-25 23:34:34
Memory Leaks
2023-08-25 21:46:42
debiancve
debiancve
cvelist
cvelist
nvd
nvd
ubuntucve
ubuntucve
cve
cve
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.4%
Related for OPENVAS:1361412562311220233165