Detections
Analytics

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103053)

high Nessus Plugin ID 253665

Language:

Synopsis

The Nutanix AHV host is affected by multiple vulnerabilities .

Description

The version of AHV installed on the remote host is prior to 20230302.103053. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103053 advisory.

 - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. (CVE-2016-9840)

 - xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. (CVE-2024-55549)

 - numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. (CVE-2025-24855)

 - An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. (CVE-2025-27363)

 - A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. (CVE-2024-8176)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AHV software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?b5db1352

Plugin Details

Severity: High

ID: 253665

File Name: nutanix_NXSA-AHV-20230302_103053.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 8/22/2025

Updated: 8/22/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-9840

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 8.7

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-24786

Vulnerability Information

CPE: cpe:/o:nutanix:ahv

Required KB Items: Host/Nutanix/Data/Node/Version, Host/Nutanix/Data/Node/Type

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/22/2025

Vulnerability Publication Date: 12/4/2016

CISA Known Exploited Vulnerability Due Dates: 5/27/2025

Reference Information

CVE: CVE-2016-9840, CVE-2024-12133, CVE-2024-12243, CVE-2024-24786, CVE-2024-55549, CVE-2024-8176, CVE-2025-0395, CVE-2025-24855, CVE-2025-27363, CVE-2025-32414, CVE-2025-3576