Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-0871-1.NASL
HistoryMar 23, 2023 - 12:00 a.m.

SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)

2023-03-2300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
suse sles15
container-suseconnect
multiple vulnerabilities
remote host
denial of service
excessive cpu
http/2 stream
tls handshake
session resumption
net/http
mime/multipart
temporary files

0.024 Low

EPSS

Percentile

90.0%

JSON

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0871-1 advisory.

  • On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(C:/tmp).Open(COM1) opens the COM1 device.
    Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS() has changed.
    Previously, an empty root was treated equivalently to /, so os.DirFS().Open(tmp) would open the path /tmp. This now returns an error. (CVE-2022-41720)

  • A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723)

  • Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). (CVE-2022-41724)

  • A denial of service is possible from excessive resource consumption in net/http and mime/multipart.
    Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing up to maxMemory bytes +10MB (reserved for non-file parts) in memory. File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type’s documentation states, If stored on disk, the File’s underlying concrete type will be an *os.File… This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. (CVE-2022-41725)

  • The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. (CVE-2023-24532)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:0871-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(173289);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");

  script_cve_id(
    "CVE-2022-41720",
    "CVE-2022-41723",
    "CVE-2022-41724",
    "CVE-2022-41725",
    "CVE-2023-24532"
  );
  script_xref(name:"SuSE", value:"SUSE-SU-2023:0871-1");

  script_name(english:"SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:0871-1 advisory.

  - On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir
    type provide access to a tree of files rooted at a given directory. These functions permit access to
    Windows device files under that root. For example, os.DirFS(C:/tmp).Open(COM1) opens the COM1 device.
    Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS
    for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the
    drive and access any path on the system. With fix applied, the behavior of os.DirFS() has changed.
    Previously, an empty root was treated equivalently to /, so os.DirFS().Open(tmp) would open the path
    /tmp. This now returns an error. (CVE-2022-41720)

  - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient
    to cause a denial of service from a small number of small requests. (CVE-2022-41723)

  - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS
    handshake records which cause servers and clients, respectively, to panic when attempting to construct
    responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption
    (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client
    certificates (by setting Config.ClientAuth >= RequestClientCert). (CVE-2022-41724)

  - A denial of service is possible from excessive resource consumption in net/http and mime/multipart.
    Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory
    and disk files. This also affects form parsing in the net/http package with the Request methods FormFile,
    FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented
    as storing up to maxMemory bytes +10MB (reserved for non-file parts) in memory. File parts which cannot
    be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file
    parts is excessively large and can potentially open a denial of service vector on its own. However,
    ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead,
    part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In
    addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small
    request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts
    for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory
    bytes of memory consumption. Users should still be aware that this limit is high and may still be
    hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form
    parts into a single temporary file. The mime/multipart.File interface type's documentation states, If
    stored on disk, the File's underlying concrete type will be an *os.File.. This is no longer the case when
    a form contains more than one file part, due to this coalescing of parts into a single file. The previous
    behavior of using distinct files for each form part may be reenabled with the environment variable
    GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request
    methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the
    size of form data with http.MaxBytesReader. (CVE-2022-41725)

  - The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with
    some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages
    of crypto/ecdsa or crypto/ecdh. (CVE-2023-24532)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1200441");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206134");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208270");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208271");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208272");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1209030");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41720");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41723");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41724");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41725");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-24532");
  # https://lists.suse.com/pipermail/sle-security-updates/2023-March/014139.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ea66458c");
  script_set_attribute(attribute:"solution", value:
"Update the affected container-suseconnect package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-41720");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:container-suseconnect");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(1|2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP1/2/3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(1|2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP1/2/3/4", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-containers-release-15.4', 'sles-release-15.4']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},
    {'reference':'container-suseconnect-2.4.0-150000.4.24.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'container-suseconnect');
}
VendorProductVersionCPE
novellsuse_linuxcontainer-suseconnectp-cpe:/a:novell:suse_linux:container-suseconnect
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

openvas 15
mageia 1
nessus 42
ibm 31
redhat 8
freebsd 2
altlinux 2
osv 16
oraclelinux 1
almalinux 1
rocky 1
photon 2
nvd 5
amazon 3
redhatcve 5
prion 5
ubuntucve 5
cvelist 4
cve 5
veracode 4
alpinelinux 5
debiancve 5
cbl_mariner 15
cgr 4
wolfi 3
fedora 8
redos 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0871-1)
2023-03-28 00:00:00
Mageia: Security Advisory (MGASA-2023-0109)
2023-03-28 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2292)
2023-07-04 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2023-03-24 08:55:49
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2023:0733-1)
2023-03-15 00:00:00
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2292)
2023-07-04 00:00:00
EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-1804)
2023-05-08 00:00:00
ibm
ibm
Security Bulletin: Operations Dashboard is vulnerable to denial of service due to multiple vulnerabilities in Go
2023-04-03 13:23:46
Security Bulletin: Multiple vulnerabilities in golang affect IBM Db2® REST
2023-05-01 14:59:25
Security Bulletin: Multiple vulnerabilities in Golang Go may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-32149, CVE-2022-41721, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725 and CVE-2023-24532)
2024-01-09 13:45:10
redhat
redhat
(RHSA-2023:3083) Moderate: go-toolset:rhel8 security and bug fix update
2023-05-16 09:15:09
(RHSA-2023:7672) Moderate: OpenShift Virtualization 4.14.1 RPMs security and bug fix update
2023-12-06 14:32:56
(RHSA-2023:1639) Moderate: OpenShift API for Data Protection (OADP) 1.1.3 security and bug fix update
2023-04-05 01:12:58
freebsd
freebsd
go -- multiple vulnerabilities
2023-02-14 00:00:00
go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
2023-02-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.6-alt1
2023-02-22 00:00:00
Security fix for the ALT Linux 10 package golang version 1.19.7-alt1
2023-03-10 00:00:00
osv
osv
Moderate: go-toolset:rhel8 security and bug fix update
2023-05-16 00:00:00
Moderate: go-toolset:Rocky Linux8 security and bug fix update
2023-05-18 19:17:56
BIT-golang-2022-41720
2024-03-06 10:58:08
oraclelinux
oraclelinux
go-toolset:ol8 security and bug fix update
2023-05-25 00:00:00
almalinux
almalinux
Moderate: go-toolset:rhel8 security and bug fix update
2023-05-16 00:00:00
rocky
rocky
go-toolset:Rocky Linux8 security and bug fix update
2023-05-18 19:17:56
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0362
2023-03-23 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0564
2023-04-06 00:00:00
nvd
nvd
CVE-2022-41720
2022-12-07 17:15:10
CVE-2023-24532
2023-03-08 20:15:09
CVE-2022-41724
2023-02-28 18:15:10
amazon
amazon
Important: golang
2023-04-13 19:28:00
Important: golang
2023-04-13 19:01:00
Important: cni-plugins
2023-08-03 18:10:00
redhatcve
redhatcve
CVE-2022-41720
2023-01-16 13:05:09
CVE-2023-24532
2023-07-17 17:11:05
CVE-2022-41725
2023-03-15 05:13:48
prion
prion
Design/Logic Flaw
2022-12-07 17:15:00
Code injection
2023-03-08 20:15:00
Design/Logic Flaw
2023-02-28 18:15:00
ubuntucve
ubuntucve
CVE-2022-41720
2022-12-07 00:00:00
CVE-2023-24532
2023-03-08 00:00:00
CVE-2022-41725
2023-02-28 00:00:00
cvelist
cvelist
CVE-2022-41720 Restricted file access on Windows in os and net/http
2022-12-07 16:11:18
CVE-2023-24532 Incorrect calculation on P256 curves in crypto/internal/nistec
2023-03-08 19:40:45
CVE-2022-41725 Excessive resource consumption in mime/multipart
2023-02-28 17:19:42
cve
cve
CVE-2022-41720
2022-12-07 17:15:10
CVE-2023-24532
2023-03-08 20:15:09
CVE-2022-41725
2023-02-28 18:15:10
veracode
veracode
Path Traversal
2022-12-08 02:28:44
Incorrect ECC Calculation
2023-03-09 11:15:16
Denial Of Service (DoS)
2023-02-18 18:51:32
alpinelinux
alpinelinux
CVE-2022-41720
2022-12-07 17:15:10
CVE-2023-24532
2023-03-08 20:15:09
CVE-2022-41725
2023-02-28 18:15:10
debiancve
debiancve
CVE-2022-41720
2022-12-07 17:15:10
CVE-2023-24532
2023-03-08 20:15:09
CVE-2022-41725
2023-02-28 18:15:10
cbl_mariner
cbl_mariner
CVE-2023-24532 affecting package golang for versions less than 1.21.6-1
2024-07-03 03:08:37
CVE-2022-41725 affecting package golang for versions less than 1.19.5-1
2024-07-03 03:08:37
CVE-2022-41725 affecting package golang 1.17.13-2
2024-07-03 03:08:33
cgr
cgr
CVE-2023-24532 vulnerabilities
2024-05-19 03:07:16
CVE-2022-41724 vulnerabilities
2024-05-19 03:07:16
CVE-2022-41725 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-24532 vulnerabilities
2024-07-03 09:08:38
CVE-2022-41724 vulnerabilities
2024-07-03 09:08:38
CVE-2022-41725 vulnerabilities
2024-07-03 09:08:38
fedora
fedora
[SECURITY] Fedora 37 Update: skopeo-1.11.2-1.fc37
2023-04-12 01:34:16
[SECURITY] Fedora 37 Update: golang-github-gabriel-vasile-mimetype-1.4.2-1.fc37
2023-04-20 02:54:37
[SECURITY] Fedora 37 Update: golang-github-cli-oauth-1.0.1-2.fc37
2023-04-20 02:54:37
redos
redos
ROS-20231030-04
2023-10-30 00:00:00

0.024 Low

EPSS

Percentile

90.0%

JSON
Related for SUSE_SU-2023-0871-1.NASL
openvas15mageia1nessus42ibm31redhat8freebsd2altlinux2osv16oraclelinux1almalinux1rocky1photon2nvd5amazon3redhatcve5prion5ubuntucve5cvelist4cve5veracode4alpinelinux5debiancve5cbl_mariner15cgr4wolfi3fedora8redos1