Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310833257HistoryMar 04, 2024 - 12:00 a.m.
openSUSE: Security Advisory for sccache (SUSE-SU-2023:3526-1)
2024-03-0400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
2
opensuse
security advisory
sccache
update
version 0.4.2
cve-2021-45710
cve-2022-24713
cve-2022-31394
cve-2023-1521
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.2%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.833257");
script_version("2024-05-16T05:05:35+0000");
script_cve_id("CVE-2021-45710", "CVE-2022-24713", "CVE-2022-31394", "CVE-2023-1521");
script_tag(name:"cvss_base", value:"5.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-01-06 20:57:37 +0000 (Thu, 06 Jan 2022)");
script_tag(name:"creation_date", value:"2024-03-04 08:01:05 +0000 (Mon, 04 Mar 2024)");
script_name("openSUSE: Security Advisory for sccache (SUSE-SU-2023:3526-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSELeap15\.4|openSUSELeap15\.5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3526-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/WBWIGGUFCJEAQJKPFGIJRDM5XHPJ4SFY");
script_tag(name:"summary", value:"The remote host is missing an update for the 'sccache'
package(s) announced via the SUSE-SU-2023:3526-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for sccache fixes the following issues:
* Update to version 0.4.2.
* CVE-2021-45710: Fixed a segmentation fault due to data race in tokio create.
(bsc#1194119)
* CVE-2022-24713: Fixed a ReDoS issue due to vulnerable regex create.
(bsc#1196972)
* CVE-2022-31394: Fixed a DoS issue due to the max header list size not
settable. (bsc#1208553)
* CVE-2023-1521: Fixed a local privilege escalation. (bsc#1212407)
##");
script_tag(name:"affected", value:"'sccache' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.4") {
if(!isnull(res = isrpmvuln(pkg:"sccache", rpm:"sccache~0.4.2~3~150400.3.3.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sccache-debuginfo", rpm:"sccache-debuginfo~0.4.2~3~150400.3.3.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sccache", rpm:"sccache~0.4.2~3~150400.3.3.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sccache-debuginfo", rpm:"sccache-debuginfo~0.4.2~3~150400.3.3.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "openSUSELeap15.5") {
if(!isnull(res = isrpmvuln(pkg:"sccache", rpm:"sccache~0.4.2~3~150400.3.3.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sccache-debuginfo", rpm:"sccache-debuginfo~0.4.2~3~150400.3.3.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sccache", rpm:"sccache~0.4.2~3~150400.3.3.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sccache-debuginfo", rpm:"sccache-debuginfo~0.4.2~3~150400.3.3.1", rls:"openSUSELeap15.5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : sccache (SUSE-SU-2023:3526-1)
2023-09-06 00:00:00
SUSE SLED15 / SLES15 Security Update : sccache (SUSE-SU-2022:4073-1)
2022-11-19 00:00:00
SUSE SLED15 / SLES15 Security Update : rustup (SUSE-SU-2022:3949-1)
2022-11-13 00:00:00
openvas
openvas
openSUSE: Security Advisory for sccache (SUSE-SU-2023:2637-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for gstreamer (SUSE-SU-2024:0090-1)
2024-03-04 00:00:00
Fedora: Security Advisory for rust-regex (FEDORA-2022-ceb3e03c5e)
2022-03-23 00:00:00
redhatcve
redhatcve
CVE-2021-45710
2022-11-17 04:56:00
CVE-2022-24713
2022-04-06 14:50:16
nvd
nvd
ubuntucve
ubuntucve
debiancve
debiancve
osv
osv
Race Condition in tokio
2022-01-06 22:04:37
CVE-2021-45710
2021-12-27 00:15:10
Data race when sending and receiving after closing a `oneshot` channel
2021-11-16 12:00:00
cvelist
cvelist
CVE-2021-45710
2021-12-26 21:47:20
CVE-2022-31394
2023-02-21 00:00:00
CVE-2022-24713 Regular expression denial of service in Rust's regex crate
2022-03-08 19:00:12
cve
cve
github
github
Race Condition in tokio
2022-01-06 22:04:37
Rust's regex crate vulnerable to regular expression denial of service
2022-03-08 20:00:36
sccache vulnerable to privilege escalation if server is run as root
2023-05-30 20:06:02
prion
prion
Memory corruption
2021-12-27 00:15:00
Design/Logic Flaw
2023-02-21 14:15:00
Design/Logic Flaw
2022-03-08 19:15:00
rustsec
rustsec
cbl_mariner
cbl_mariner
CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-4
2023-03-24 23:57:10
CVE-2022-31394 affecting package rpm-ostree for versions less than 2022.1-7
2024-04-19 22:15:55
CVE-2022-24713 affecting package librsvg2 for versions less than 2.58.1-1
2024-06-21 09:32:44
fedora
fedora
[SECURITY] Fedora 36 Update: rust-regex-1.5.5-1.fc36
2022-03-26 15:45:42
[SECURITY] Fedora 34 Update: rust-regex-1.5.5-1.fc34
2022-03-17 14:43:04
[SECURITY] Fedora 35 Update: rust-regex-1.5.5-1.fc35
2022-03-17 15:47:18
veracode
veracode
Denial Of Service (DoS)
2022-04-09 00:46:36
alpinelinux
alpinelinux
CVE-2022-24713
2022-03-08 19:15:08
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Rust-Lang Regex
2022-06-05 22:17:00
Exploit for CVE-2023-1521
2023-11-15 15:31:44
hackerone
hackerone
ubuntu
ubuntu
rust-regex vulnerability
2022-09-14 00:00:00
Firefox vulnerabilities
2022-04-07 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2022-04-05 19:19:02
[slackware-security] mozilla-thunderbird
2022-04-06 20:29:58
redos
redos
ROS-20220412-02
2022-04-12 00:00:00
ROS-20220412-03
2022-04-12 00:00:00
kaspersky
kaspersky
KLA12497 Multiple vulnerabilities in Mozilla Firefox ESR
2022-04-05 00:00:00
KLA12498 Multiple vulnerabilities in Mozilla Thunderbird
2022-03-07 00:00:00
KLA12496 Multiple vulnerabilities in Mozilla Firefox
2022-04-05 00:00:00
redhat
redhat
(RHSA-2022:1286) Important: firefox security update
2022-04-08 13:39:06
(RHSA-2022:1283) Important: firefox security update
2022-04-08 13:30:19
(RHSA-2022:1285) Important: firefox security update
2022-04-08 13:33:48
debian
debian
[SECURITY] [DSA 5113-1] firefox-esr security update
2022-04-06 17:11:21
[SECURITY] [DLA 2971-1] firefox-esr security update
2022-04-07 08:43:52
[SECURITY] [DSA 5118-1] thunderbird security update
2022-04-10 18:10:05
suse
suse
Security update for MozillaFirefox (important)
2022-04-07 00:00:00
Security update for MozillaThunderbird (important)
2022-04-13 00:00:00
oraclelinux
oraclelinux
firefox security update
2022-04-08 00:00:00
firefox security update
2022-04-08 00:00:00
thunderbird security update
2022-04-11 00:00:00
rocky
rocky
thunderbird security update
2022-04-11 13:29:58
firefox security update
2022-04-08 13:40:04
almalinux
almalinux
Important: firefox security update
2022-04-08 13:40:04
Important: thunderbird security update
2022-04-11 13:29:58
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 91.8 — Mozilla
2022-04-05 00:00:00
Security Vulnerabilities fixed in Thunderbird 91.8 — Mozilla
2022-04-05 00:00:00
Security Vulnerabilities fixed in Firefox 99 — Mozilla
2022-04-05 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 91.8.0-alt1
2022-04-06 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 91.8.0-alt1
2022-04-06 00:00:00
amazon
amazon
Important: thunderbird
2022-04-25 23:45:00
mageia
mageia
Updated firefox/nss/rootcerts packages fix security vulnerability
2022-04-29 01:46:19
Updated thunderbird packages fix security vulnerabilities
2022-04-29 01:46:19
ibm
ibm
gentoo
gentoo
Mozilla Firefox: Multiple Vulnerabilities
2022-08-10 00:00:00
Mozilla Thunderbird: Multiple Vulnerabilities
2022-08-10 00:00:00
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.2%
Related for OPENVAS:1361412562310833257