CVSS3: 7.8 High (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
AI Score: 7.4 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 42.2%)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1a7e2b3dda advisory.
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32665)
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. (CVE-2023-29499)
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32611)
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. (CVE-2023-32643)
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. (CVE-2023-32636)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-1a7e2b3dda
#

include('compat.inc');

if (description)
{
  script_id(177359);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/29");

  script_cve_id(
    "CVE-2023-29499",
    "CVE-2023-32611",
    "CVE-2023-32636",
    "CVE-2023-32643",
    "CVE-2023-32665"
  );
  script_xref(name:"FEDORA", value:"2023-1a7e2b3dda");

  script_name(english:"Fedora 37 : mingw-glib2 (2023-1a7e2b3dda)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2023-1a7e2b3dda advisory.
- A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a
crafted GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32665)
- A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the
expected format, leading to denial of service. (CVE-2023-29499)
- A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted
GVariant can cause excessive processing, leading to denial of service. (CVE-2023-32611)
- A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow
introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does
affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for
CVE-2023-32665. (CVE-2023-32643)
- A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service
introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may
be very slow. This bug does not affect any released version of glib but does affect glib distributors who
followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. (CVE-2023-32636)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-1a7e2b3dda");
  script_set_attribute(attribute:"solution", value:
"Update the affected mingw-glib2 package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-32643");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:37");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-glib2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^37([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'mingw-glib2-2.74.7-1.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mingw-glib2');
}
```
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | mingw-glib2 | p-cpe:/a:fedoraproject:fedora:mingw-glib2 |
fedoraproject | fedora | 37 | cpe:/o:fedoraproject:fedora:37 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32665
bodhi.fedoraproject.org/updates/FEDORA-2023-1a7e2b3dda