The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 255bf44c-d298-11ee-9c27-40b034429ecf advisory.

  - c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local     configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using     a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an     embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory     prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0.
    No known workarounds exist. (CVE-2024-25629)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6676-1 advisory.

    Vojtch Vobr discovered that c-ares incorrectly handled user input from

    local configuration files. An attacker could possibly use this issue to

    cause a denial of service via application crash.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-835800b552 advisory.

    1.28.1 fixes a significant bug in 1.28.0.

    ----

    Update to 1.28.0. Also fixes CVE-2024-25629.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4249 advisory.

    * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4249 advisory.

    [1.13.0-11]
    - Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8]

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local     configuration files such as `/etc/resolv.conf`, `/etc/ nsswitch.conf`, the `HOSTALIASES` file, and if     using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an     embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory     prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0.
    No known workarounds exist.(CVE-2024-25629)

Tenable has extracted the preceding description block directly from the EulerOS c-ares security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3842 advisory.

    * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4721 advisory.

    Node.js is a software development platform for building fast and scalable network applications in the     JavaScript programming language.

    Security Fix(es):

    * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service     (CVE-2024-22025)

    * nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

    * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2778 advisory.

    - Backport nghttp2 patch for CVE-2024-28182

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2780 advisory.

  - A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through     resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The     vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it     possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An     attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory,     potentially leading to process termination, depending on the system configuration. (CVE-2024-22025)

  - c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local     configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using     a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an     embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory     prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0.
    No known workarounds exist. (CVE-2024-25629)

  - The team has identified a critical vulnerability in the http server of the most recent version of Node,     where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a     content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request     within the body of the first. (CVE-2024-27982)

  - An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2     frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after     reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is     abruptly closed by the client triggering the Http2Session destructor while header frames are still being     processed (and stored in memory) causing a race condition. (CVE-2024-27983)

  - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior     to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is     reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2     v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream.
    There is no workaround for this vulnerability. (CVE-2024-28182)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2779 advisory.

  - A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through     resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The     vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it     possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An     attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory,     potentially leading to process termination, depending on the system configuration. (CVE-2024-22025)

  - c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local     configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using     a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an     embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory     prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0.
    No known workarounds exist. (CVE-2024-25629)

  - The team has identified a critical vulnerability in the http server of the most recent version of Node,     where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a     content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request     within the body of the first. (CVE-2024-27982)

  - An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2     frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after     reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is     abruptly closed by the client triggering the Http2Session destructor while header frames are still being     processed (and stored in memory) causing a race condition. (CVE-2024-27983)

  - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior     to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is     reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2     v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream.
    There is no workaround for this vulnerability. (CVE-2024-28182)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2780 advisory.

    nodejs     [1:18.20.2-1]
    - Removes .ps1 files
    - Rebase to 18.20.2
    - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629

    nodejs-nodemon     nodejs-packaging

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2779 advisory.

    * nodejs: CONTINUATION frames DoS (CVE-2024-27983)
    * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service     (CVE-2024-22025)
    * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
    * nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
    * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
190958	FreeBSD : dns/c-ares -- malformatted file causes application crash (255bf44c-d298-11ee-9c27-40b034429ecf)	Nessus	FreeBSD Local Security Checks	2/24/2024	2/6/2025	medium
191637	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : c-ares vulnerability (USN-6676-1)	Nessus	Ubuntu Local Security Checks	3/6/2024	2/6/2025	medium
193345	Fedora 39 : c-ares (2024-835800b552)	Nessus	Fedora Local Security Checks	4/16/2024	2/6/2025	medium
201550	AlmaLinux 8 : c-ares (ALSA-2024:4249)	Nessus	Alma Linux Local Security Checks	7/3/2024	2/6/2025	medium
201554	Oracle Linux 8 : c-ares (ELSA-2024-4249)	Nessus	Oracle Linux Local Security Checks	7/3/2024	2/6/2025	medium
208339	EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2024-2573)	Nessus	Huawei Local Security Checks	10/9/2024	2/6/2025	medium
235596	RockyLinux 9 : c-ares (RLSA-2024:3842)	Nessus	Rocky Linux Local Security Checks	5/7/2025	5/7/2025	medium
203140	RHEL 9 : nodejs (RHSA-2024:4721)	Nessus	Red Hat Local Security Checks	7/23/2024	2/6/2025	medium
195226	Oracle Linux 8 : nodejs:20 (ELSA-2024-2778)	Nessus	Oracle Linux Local Security Checks	5/9/2024	9/11/2025	medium
195229	Rocky Linux 8 : nodejs:18 (RLSA-2024:2780)	Nessus	Rocky Linux Local Security Checks	5/9/2024	2/6/2025	medium
195231	Rocky Linux 9 : nodejs:18 (RLSA-2024:2779)	Nessus	Rocky Linux Local Security Checks	5/9/2024	2/6/2025	medium
195305	Oracle Linux 8 : nodejs:18 (ELSA-2024-2780)	Nessus	Oracle Linux Local Security Checks	5/10/2024	9/11/2025	medium
196887	AlmaLinux 9 : nodejs:18 (ALSA-2024:2779)	Nessus	Alma Linux Local Security Checks	5/11/2024	2/6/2025	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium