Detections
Analytics
Ubuntu 16.04 ESM / 20.04 ESM : uriparser vulnerabilities (USN-5256-2)
medium Nessus Plugin ID 183589
Language:
Synopsis
The remote Ubuntu host is missing one or more security updates.Description
The remote Ubuntu 16.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5256-2 advisory.- An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. (CVE-2021-46141)
- An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. (CVE-2021-46142)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected liburiparser-dev and / or liburiparser1 packages.See Also
Plugin Details
Severity: Medium
ID: 183589
File Name: ubuntu_USN-5256-2.nasl
Version: 1.0
Type: local
Agent: unix
Family: Ubuntu Local Security Checks
Published: 10/20/2023
Updated: 10/20/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2021-46142
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:esm, cpe:/o:canonical:ubuntu_linux:20.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:liburiparser-dev, p-cpe:/a:canonical:ubuntu_linux:liburiparser1
Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/18/2022
Vulnerability Publication Date: 1/6/2022
Reference Information
CVE: CVE-2021-46141, CVE-2021-46142
USN: 5256-2