Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:13614125623114202336901HistorySep 21, 2023 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2023:3690-1)
2023-09-2100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
5
suse
security advisory
libcares2
sles12.0sp5
cve-2020-22217
out of bounds read
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2023.3690.1");
script_cve_id("CVE-2020-22217");
script_tag(name:"creation_date", value:"2023-09-21 04:21:12 +0000 (Thu, 21 Sep 2023)");
script_version("2024-02-02T14:37:52+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:52 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-10-30 17:47:38 +0000 (Mon, 30 Oct 2023)");
script_name("SUSE: Security Advisory (SUSE-SU-2023:3690-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3690-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2023/suse-su-20233690-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'libcares2' package(s) announced via the SUSE-SU-2023:3690-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for libcares2 fixes the following issues:
CVE-2020-22217: Fixed an out of bounds read in ares_parse_soa_reply(). (bsc#1214674)");
script_tag(name:"affected", value:"'libcares2' package(s) on SUSE Linux Enterprise High Performance Computing 12-SP5, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Workstation Extension 12.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"libcares2", rpm:"libcares2~1.9.1~9.18.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libcares2-debuginfo", rpm:"libcares2-debuginfo~1.9.1~9.18.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libcares2-debugsource", rpm:"libcares2-debugsource~1.9.1~9.18.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
debiancve
debiancve
CVE-2020-22217
2023-08-22 19:16:19
redhatcve
redhatcve
CVE-2020-22217
2023-08-30 15:15:33
osv
osv
CVE-2020-22217
2023-08-22 19:16:19
c-ares vulnerability
2023-09-18 13:08:11
c-ares - security update
2023-09-15 00:00:00
cve
cve
CVE-2020-22217
2023-08-22 19:16:19
ubuntucve
ubuntucve
CVE-2020-22217
2023-08-22 00:00:00
nessus
nessus
RHEL 8 : c-ares (RHSA-2024:0419)
2024-01-25 00:00:00
Debian DLA-3567-1 : c-ares - LTS security update
2023-09-17 00:00:00
SUSE SLED12 / SLES12 Security Update : libcares2 (SUSE-SU-2023:3690-1)
2023-09-21 00:00:00
debian
debian
[SECURITY] [DLA 3567-1] c-ares security update
2023-09-15 06:39:57
prion
prion
Buffer overflow
2023-08-22 19:16:00
redhat
redhat
(RHSA-2024:0419) Moderate: c-ares security update
2024-01-24 14:40:26
(RHSA-2024:0578) Moderate: c-ares security update
2024-01-30 12:53:21
(RHSA-2023:7207) Moderate: c-ares security update
2023-11-14 16:23:45
openvas
openvas
Debian: Security Advisory (DLA-3567-1)
2023-09-18 00:00:00
Ubuntu: Security Advisory (USN-6376-1)
2023-09-19 00:00:00
ubuntu
ubuntu
c-ares vulnerability
2023-09-18 00:00:00
cbl_mariner
cbl_mariner
nvd
nvd
CVE-2020-22217
2023-08-22 19:16:19
cvelist
cvelist
CVE-2020-22217
2023-08-22 00:00:00
almalinux
almalinux
Moderate: c-ares security update
2023-11-14 00:00:00
rocky
rocky
c-ares security update
2023-11-28 22:42:52
oraclelinux
oraclelinux
c-ares security update
2023-11-22 00:00:00
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.4%
Related for OPENVAS:13614125623114202336901