The version of openssl installed on the remote host is prior to 1.0.2k-16.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1683 advisory.

    A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient     to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful     decryption, an attacker would have to be able to send a very large number of trial messages for     decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE. (CVE-2022-4304)

    A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function     BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally     by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly     by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter     BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the     caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter     BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO     chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the     previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur,     possibly resulting in a crash. (CVE-2023-0215)

    A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an     X.509 GeneralName. When CRL checking is enabled (for example, the application sets the     X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a     memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack     requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid     signature. If the attacker only controls one of these inputs, the other input must already contain an     X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely     only to affect applications that have implemented their own functionality for retrieving CRLs over a     network. (CVE-2023-0286)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1934 advisory.

    A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient     to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful     decryption, an attacker would have to be able to send a very large number of trial messages for     decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE. (CVE-2022-4304)

    A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function     PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the name (for example,     CERTIFICATE), any header data, and the payload data. If the function succeeds, then the     name_out, header, and data arguments are populated with pointers to     buffers containing the relevant decoded data. The caller is responsible for freeing those buffers.
    Constructing a PEM file that results in 0 bytes of payload data is possible. In this case,     PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a     freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to     a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve     a denial of service attack. (CVE-2022-4450)

    A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function     BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally     by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly     by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter     BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the     caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter     BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO     chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the     previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur,     possibly resulting in a crash. (CVE-2023-0215)

    A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an     X.509 GeneralName. When CRL checking is enabled (for example, the application sets the     X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a     memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack     requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid     signature. If the attacker only controls one of these inputs, the other input must already contain an     X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely     only to affect applications that have implemented their own functionality for retrieving CRLs over a     network. (CVE-2023-0286)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0946 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

    * openssl: read buffer overflow in X.509 certificate verification (CVE-2022-4203)

    * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)

    * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)

    * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

    * openssl: invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216)

    * openssl: NULL dereference validating DSA public key (CVE-2023-0217)

    * openssl: NULL dereference during PKCS7 data verification (CVE-2023-0401)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * HMAC generation should reject key lengths < 112 bits or provide an indicator in FIPS mode (BZ#2144000)

    * In FIPS mode, openssl should set a minimum length for passwords in PBKDF2 (BZ#2144003)

    * stunnel consumes high amount of memory when pestered with TCP connections without a TLS handshake     (BZ#2144008)

    * In FIPS mode, openssl should reject SHAKE as digest for RSA-OAEP or provide an indicator (BZ#2144010)

    * In FIPS mode, openssl should reject RSASSA-PSS salt lengths larger than the output size of the hash     function used, or provide an indicator (BZ#2144012)

    * In FIPS mode, openssl should reject RSA signatures with X9.31 padding, or provide an indicator     (BZ#2144015)

    * In FIPS mode, openssl should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-     based DRBGs, or provide an indicator after 2023-05-16 (BZ#2144017)

    * In FIPS mode, openssl should reject KDF input and output key lengths < 112 bits or provide an indicator     (BZ#2144019)

    * In FIPS mode, openssl should reject RSA keys < 2048 bits when using EVP_PKEY_decapsulate, or provide an     indicator (BZ#2145170)

    * RHEL9.1 Nightly[0912] - error:03000093:digital envelope routines::command not supported when git clone     is run with configured ibmca engine backed by libica.so.4 (OpenSSL 3.0) (BZ#2149010)

    * OpenSSL FIPS checksum code needs update (BZ#2158412)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e821b64a4c advisory.

    add sub-package with xen build (resolves: rhbz#2170730)

    ----

    update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).

    ----

    cherry-pick aarch64 bugfixes,     set firmware build release date,     add ext4 sub-package

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1405 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

    * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)

    * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)

    * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g.
    'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out',     'header' and 'data' arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - A security vulnerability has been identified in all supported versions of OpenSSL related to the     verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit     this vulnerability by creating a malicious certificate chain that triggers exponential use of     computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy     processing is disabled by default but can be enabled by passing the `-policy' argument to the command line     utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0464)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2932 advisory.

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the name (e.g.
    CERTIFICATE), any header data and the payload data. If the function succeeds then the name_out,     header and data arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3354 advisory.

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This     software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged     under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent     update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a     replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug     fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    Security Fix(es):

    * apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
    * curl: HSTS bypass via IDN (CVE-2022-43551)
    * curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
    * curl: HSTS ignored on multiple requests (CVE-2023-23914)
    * curl: HSTS amnesia with --parallel (CVE-2023-23915)
    * curl: HTTP multi-header compression denial of service (CVE-2023-23916)
    * curl: TELNET option IAC injection (CVE-2023-27533)
    * curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)
    * httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
    * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
    * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
    * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
    * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
    * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4128 advisory.

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package     contains a sample 64-bit UEFI firmware for QEMU and KVM.

    Security Fix(es):

    * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

    * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)

    * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g.
    'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out',     'header' and 'data' arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - A security vulnerability has been identified in all supported versions of OpenSSL related to the     verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit     this vulnerability by creating a malicious certificate chain that triggers exponential use of     computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy     processing is disabled by default but can be enabled by passing the `-policy' argument to the command line     utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0464)

  - Applications that use a non-default option when verifying certificates may be vulnerable to an attack from     a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are     silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A     malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent     policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled     by passing the `-policy' argument to the command line utilities or by calling the     `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0465)

  - The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy     check when doing certificate verification. However the implementation of the function does not enable the     check which allows certificates with invalid or incorrect policies to pass the certificate verification.
    As suddenly enabling the policy check could break existing deployments it was decided to keep the existing     behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to     perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the     policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument.
    Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
    (CVE-2023-0466)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13025 advisory.

    - Create new 20230821 release for OL8 which includes the following fixed CVEs:
      CVE-2019-14560
    - Update to OpenSSL 1.1.1v which includes the following fixed CVEs:
      CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286     CVE-2023-0215 CVE-2022-4450 CVE-2022-4304 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292 CVE-2022-0778     CVE-2021-4160 CVE-2021-3712 CVE-2021-3711 CVE-2021-3450 CVE-2021-3449 CVE-2021-23841 CVE-2021-23840     CVE-2020-1971 CVE-2020-1967 CVE-2019-1551 CVE-2019-1563 CVE-2019-1549 CVE-2019-1547 CVE-2019-1552     CVE-2019-1543 CVE-2018-0734 CVE-2018-0735

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory.

  - A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as     @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states we are in     the process of marking this report as invalid; however, some third parties takes the position that A     prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge     or deep cloning but also when a target object is polluted. (CVE-2022-37616)

  - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by     finalizing the operation with a rename from a temporary name to the final target file name.In that rename     operation, it might accidentally *widen* the permissions for the target file, leaving the updated file     accessible to more users than intended. (CVE-2022-32207)

  - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the     XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to     access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303)

  - An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a     hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be     provoked. (CVE-2022-40304)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g.
    'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out',     'header' and 'data' arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - A security vulnerability has been identified in all supported versions of OpenSSL related to the     verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit     this vulnerability by creating a malicious certificate chain that triggers exponential use of     computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy     processing is disabled by default but can be enabled by passing the `-policy' argument to the command line     utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0464)

  - Applications that use a non-default option when verifying certificates may be vulnerable to an attack from     a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are     silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A     malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent     policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled     by passing the `-policy' argument to the command line utilities or by calling the     `X509_VERIFY_PARAM_set1_policies()' function. (CVE-2023-0465)

  - The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy     check when doing certificate verification. However the implementation of the function does not enable the     check which allows certificates with invalid or incorrect policies to pass the certificate verification.
    As suddenly enabling the policy check could break existing deployments it was decided to keep the existing     behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to     perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the     policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument.
    Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
    (CVE-2023-0466)

  - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be     very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL     subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to     very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT     IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit.
    OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the     OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT     IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER     is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the     translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n'     being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic     algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs     in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be     received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to     specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest     passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any     version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In     OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts     anything that processes X.509 certificates, including simple things like verifying its signature. The     impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's     certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client     authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509     certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so     these versions are considered not affected by this issue in such a way that it would be cause for concern,     and the severity is therefore considered low. (CVE-2023-2650)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter     value can also trigger an overly long computation during some of these checks. A correct q value, if     present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if     q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an     untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check'     option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS     providers are not affected by this issue. (CVE-2023-3817)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	名称	产品	系列	发布时间	最近更新时间	严重程度
171217	Amazon Linux AMI : openssl (ALAS-2023-1683)	Nessus	Amazon Linux Local Security Checks	2023/2/8	2024/12/11	critical
171228	Amazon Linux 2 : openssl11 (ALAS-2023-1934)	Nessus	Amazon Linux Local Security Checks	2023/2/8	2024/12/11	critical
171973	RHEL 9 : openssl (RHSA-2023:0946)	Nessus	Red Hat Local Security Checks	2023/2/28	2025/4/13	critical
172108	Fedora 36 : edk2 (2023-e821b64a4c)	Nessus	Fedora Local Security Checks	2023/3/5	2024/11/14	critical
173311	RHEL 8 : openssl (RHSA-2023:1405)	Nessus	Red Hat Local Security Checks	2023/3/23	2025/4/13	critical
175523	EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-1875)	Nessus	Huawei Local Security Checks	2023/5/13	2023/8/10	high
176170	AlmaLinux 8 : edk2 (ALSA-2023:2932)	Nessus	Alma Linux Local Security Checks	2023/5/20	2023/5/20	high
176683	RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 (RHSA-2023:3354)	Nessus	Red Hat Local Security Checks	2023/6/5	2024/11/7	critical
178429	RHEL 8 : edk2 (RHSA-2023:4128)	Nessus	Red Hat Local Security Checks	2023/7/18	2024/11/7	critical
178989	EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2023-2489)	Nessus	Huawei Local Security Checks	2023/7/28	2023/8/10	high
186668	Oracle Linux 8 : edk2 (ELSA-2023-13025)	Nessus	Oracle Linux Local Security Checks	2023/12/7	2025/9/9	high
194919	Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)	Nessus	CGI abuses	2024/5/2	2024/7/26	critical
194927	Universal Forwarders < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0614)	Nessus	CGI abuses	2024/5/2	2024/5/30	critical
188732	EulerOS 2.0 SP11 : linux-sgx (EulerOS-SA-2023-3047)	Nessus	Huawei Local Security Checks	2024/1/16	2024/1/16	high

检测

插件搜索

critical

critical

critical

critical

critical

high

high

critical

critical

high

high

critical

critical

high