Lucene search
Huawei EulerOS: Security Advisory for flac (EulerOS-SA-2023-3172)
🗓️ 10 Nov 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 16 Views
The remote host is missing an update for the Huawei EulerOS 'flac' package(s) announced via the EulerOS-SA-2023-3172 advisory. Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. 'flac' package(s) on Huawei EulerOS V2.0SP10. Please install the updated package(s)
Show more
| Reporter | Title | Published | Views | Family All 86 |
|---|---|---|---|---|
 | EulerOS 2.0 SP9 : flac (EulerOS-SA-2023-2893) | 16 Jan 202400:00 | – | nessus |
| RHEL 8 : flac (RHSA-2023:5042) | 11 Sep 202300:00 | – | nessus |
| RHEL 9 : flac (RHSA-2023:5048) | 11 Sep 202300:00 | – | nessus |
| RHEL 8 : flac (RHSA-2023:5043) | 11 Sep 202300:00 | – | nessus |
| RHEL 8 : flac (RHSA-2023:5045) | 11 Sep 202300:00 | – | nessus |
| Fedora 37 : flac (2023-bf8423a373) | 16 Sep 202300:00 | – | nessus |
| Amazon Linux 2 : flac (ALAS-2023-2283) | 5 Oct 202300:00 | – | nessus |
| EulerOS 2.0 SP8 : flac (EulerOS-SA-2024-1263) | 12 Mar 202400:00 | – | nessus |
| Debian DSA-5500-1 : flac - security update | 19 Sep 202300:00 | – | nessus |
| EulerOS 2.0 SP10 : flac (EulerOS-SA-2023-3172) | 16 Jan 202400:00 | – | nessus |
10
| Source | Link |
|---|---|
| developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.3172");
script_cve_id("CVE-2020-22219");
script_tag(name:"creation_date", value:"2023-11-10 04:21:14 +0000 (Fri, 10 Nov 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-08-30 16:57:28 +0000 (Wed, 30 Aug 2023)");
script_name("Huawei EulerOS: Security Advisory for flac (EulerOS-SA-2023-3172)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP10");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-3172");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-3172");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'flac' package(s) announced via the EulerOS-SA-2023-3172 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.(CVE-2020-22219)");
script_tag(name:"affected", value:"'flac' package(s) on Huawei EulerOS V2.0SP10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP10") {
if(!isnull(res = isrpmvuln(pkg:"flac-help", rpm:"flac-help~1.3.3~4.h4.eulerosv2r10", rls:"EULEROS-2.0SP10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo10 Nov 2023 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS37.8
EPSS0.00104
SSVC