Detections
Analytics
TencentOS Server 3: go-toolset:rhel8 (TSSA-2024:0770)
high Nessus Plugin ID 239135
Synopsis
The remote TencentOS Server 3 host is missing one or more security updates.Description
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0770 advisory.Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:
CVE-2024-24791:
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an Expect:
100-continue header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending Expect: 100-continue requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
CVE-2024-34155:
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
CVE-2024-34156:
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
CVE-2024-34158:
Calling Parse on a // +build build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://mirrors.tencent.com/tlinux/errata/tssa-20240770.xml
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158
Plugin Details
Severity: High
ID: 239135
File Name: tencentos_TSSA_2024_0770.nasl
Version: 1.1
Type: local
Family: Tencent Local Security Checks
Published: 6/16/2025
Updated: 6/16/2025
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:tencent:tencentos_server:delve, cpe:/o:tencent:tencentos_server:3, p-cpe:/a:tencent:tencentos_server:golang, p-cpe:/a:tencent:tencentos_server:go-toolset
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/etc/os-release, Host/TencentOS/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 9/23/2024
Vulnerability Publication Date: 9/23/2024