Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:13614125623114202343551HistoryNov 06, 2023 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2023:4355-1)
2023-11-0600:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
10
suse caas platform
suse linux enterprise high performance computing
suse linux enterprise server
sap applications
gstreamer-plugins-bad
remote code execution
improper parsing
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
High
EPSS
0.001
Percentile
16.2%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2023.4355.1");
script_cve_id("CVE-2023-40474");
script_tag(name:"creation_date", value:"2023-11-06 04:20:41 +0000 (Mon, 06 Nov 2023)");
script_version("2023-11-06T05:06:26+0000");
script_tag(name:"last_modification", value:"2023-11-06 05:06:26 +0000 (Mon, 06 Nov 2023)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("SUSE: Security Advisory (SUSE-SU-2023:4355-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP1)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:4355-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2023/suse-su-20234355-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'gstreamer-plugins-bad' package(s) announced via the SUSE-SU-2023:4355-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for gstreamer-plugins-bad fixes the following issues:
CVE-2023-40474: Fixed a remote code execution issue due to improper
parsing of H265 encoded video files (bsc#1215793).");
script_tag(name:"affected", value:"'gstreamer-plugins-bad' package(s) on SUSE CaaS Platform 4.0, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP Applications 15-SP1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"gstreamer-plugins-bad", rpm:"gstreamer-plugins-bad~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gstreamer-plugins-bad-debuginfo", rpm:"gstreamer-plugins-bad-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gstreamer-plugins-bad-debugsource", rpm:"gstreamer-plugins-bad-debugsource~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gstreamer-plugins-bad-devel", rpm:"gstreamer-plugins-bad-devel~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"gstreamer-plugins-bad-lang", rpm:"gstreamer-plugins-bad-lang~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstadaptivedemux-1_0-0", rpm:"libgstadaptivedemux-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstadaptivedemux-1_0-0-debuginfo", rpm:"libgstadaptivedemux-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbadallocators-1_0-0", rpm:"libgstbadallocators-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbadallocators-1_0-0-debuginfo", rpm:"libgstbadallocators-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbadaudio-1_0-0", rpm:"libgstbadaudio-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbadaudio-1_0-0-debuginfo", rpm:"libgstbadaudio-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbadbase-1_0-0", rpm:"libgstbadbase-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbadbase-1_0-0-debuginfo", rpm:"libgstbadbase-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbadvideo-1_0-0", rpm:"libgstbadvideo-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbadvideo-1_0-0-debuginfo", rpm:"libgstbadvideo-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbasecamerabinsrc-1_0-0", rpm:"libgstbasecamerabinsrc-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstbasecamerabinsrc-1_0-0-debuginfo", rpm:"libgstbasecamerabinsrc-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstcodecparsers-1_0-0", rpm:"libgstcodecparsers-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstcodecparsers-1_0-0-debuginfo", rpm:"libgstcodecparsers-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstgl-1_0-0", rpm:"libgstgl-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstgl-1_0-0-debuginfo", rpm:"libgstgl-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstinsertbin-1_0-0", rpm:"libgstinsertbin-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstinsertbin-1_0-0-debuginfo", rpm:"libgstinsertbin-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstmpegts-1_0-0", rpm:"libgstmpegts-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstmpegts-1_0-0-debuginfo", rpm:"libgstmpegts-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstphotography-1_0-0", rpm:"libgstphotography-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstphotography-1_0-0-debuginfo", rpm:"libgstphotography-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstplayer-1_0-0", rpm:"libgstplayer-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstplayer-1_0-0-debuginfo", rpm:"libgstplayer-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgsturidownloader-1_0-0", rpm:"libgsturidownloader-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgsturidownloader-1_0-0-debuginfo", rpm:"libgsturidownloader-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstwayland-1_0-0", rpm:"libgstwayland-1_0-0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libgstwayland-1_0-0-debuginfo", rpm:"libgstwayland-1_0-0-debuginfo~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"typelib-1_0-GstBadAllocators-1_0", rpm:"typelib-1_0-GstBadAllocators-1_0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"typelib-1_0-GstGL-1_0", rpm:"typelib-1_0-GstGL-1_0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"typelib-1_0-GstInsertBin-1_0", rpm:"typelib-1_0-GstInsertBin-1_0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"typelib-1_0-GstMpegts-1_0", rpm:"typelib-1_0-GstMpegts-1_0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"typelib-1_0-GstPlayer-1_0", rpm:"typelib-1_0-GstPlayer-1_0~1.12.5~150000.3.12.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4361-1)
2023-11-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0307-1)
2024-02-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4368-1)
2023-11-07 00:00:00
debiancve
debiancve
CVE-2023-40474
2024-05-03 03:15:19
nessus
nessus
SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:4350-1)
2023-11-03 00:00:00
SUSE SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2023:4361-1)
2023-11-04 00:00:00
SUSE SLES12 Security Update : gstreamer (SUSE-SU-2023:4982-1)
2023-12-29 00:00:00
cve
cve
CVE-2023-40474
2024-05-03 03:15:19
alpinelinux
alpinelinux
CVE-2023-40474
2024-05-03 03:15:19
redhatcve
redhatcve
CVE-2023-40474
2023-12-14 18:02:57
zdi
zdi
cvelist
cvelist
nvd
nvd
CVE-2023-40474
2024-05-03 03:15:19
veracode
veracode
Heap Buffer Overflow
2023-11-30 16:32:09
ubuntucve
ubuntucve
CVE-2023-40474
2023-09-28 00:00:00
vulnrichment
vulnrichment
almalinux
almalinux
Moderate: gstreamer1-plugins-bad-free security update
2024-05-22 00:00:00
Moderate: gstreamer1-plugins-bad-free security update
2024-04-30 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0145
2023-11-17 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0513
2023-11-16 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0167
2023-12-12 00:00:00
amazon
amazon
Important: gstreamer1-plugins-bad-free
2023-10-12 15:09:00
redhat
redhat
debian
debian
[SECURITY] [DLA 3633-1] gst-plugins-bad1.0 security update
2023-10-28 12:08:28
[SECURITY] [DSA 5533-1] gst-plugins-bad1.0 security update
2023-10-24 20:58:56
osv
osv
gst-plugins-bad1.0 - security update
2023-10-24 00:00:00
gst-plugins-bad1.0 - security update
2023-10-28 00:00:00
Moderate: gstreamer1-plugins-bad-free security update
2024-06-14 13:59:30
redos
redos
ROS-20240806-09
2024-08-06 00:00:00
oraclelinux
oraclelinux
gstreamer1-plugins-bad-free security update
2024-05-23 00:00:00
gstreamer1-plugins-bad-free security update
2024-05-02 00:00:00
rocky
rocky
gstreamer1-plugins-bad-free security update
2024-06-14 13:59:30
gstreamer1-plugins-bad-free security update
2024-05-10 14:32:38
rosalinux
rosalinux
Advisory ROSA-SA-2024-2357
2024-02-20 10:26:09
gentoo
gentoo
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
2024-06-28 00:00:00
ubuntu
ubuntu
GStreamer Bad Plugins vulnerabilities
2023-11-29 00:00:00
mageia
mageia
Updated gstreamer packages fix many security vulnerabilities
2023-12-22 14:04:51
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
High
EPSS
0.001
Percentile
16.2%
Related for OPENVAS:13614125623114202343551