[R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities

Related Vulnerabilities: CVE-2015-7036, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176


Synopsis

Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality. Two of these libraries were found to contain vulnerabilities and were fixed upstream. Those fixes have been integrated despite there being no known exploitation scenarios related to PVS.

  • OpenSSL ASN.1 Encoder Negative Zero Value Handling Remote Memory Corruption
  • OpenSSL AES-NI CBC MAC Check Padding Oracle MitM Information Disclosure
  • OpenSSL crypto/evp/encode.c EVP_EncodeUpdate() Function Heap Buffer Overflow Weakness
  • OpenSSL crypto/evp/evp_enc.c EVP_EncryptUpdate() Function Heap Buffer Overflow Weakness
  • OpenSSL crypto/x509/x509_obj.c X509_NAME_oneline() Function ASN1 Strings Handling Out-of-bounds Read Memory Disclosure
  • OpenSSL crypto/asn1/a_d2i_fp.c ASN.1 BIO Length Field Handling Memory Exhaustion Remote DoS
  • SQLite FTS5 Extension Corrupt Database Query Handling Unspecified Buffer Overflow
  • SQLite fts3_tokenizer() Function Optional Second Argument Handling Arbitrary Code Execution

Note that the CVSSv2 score associated with this advisory is specific to the OpenSSL integration into PVS and assumes a worst-case scenario. These updates are proactive; Tenable has had no reports of exploitation and some of these issues may not impact PVS at all. Please note that Tenable strongly recommends that PVS be installed on a subnet that is not Internet addressable.

Solution

Tenable has released PVS version 5.1.0 for all supported operating systems and architectures. This version bundles updated OpenSSL (1.0.2h) and SQLite (3.11.1) libraries, which are not affected by these issues. The new version is available at:

https://support.tenable.com/support-center/index.php?x=&mod_id=170
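To verify that a deployment carries library builds at or beyond the fixed versions named above, the following added example (not Tenable's code) compares version strings numerically rather than lexically; the helper names and the fixed-version constants are assumptions taken from the advisory text, and OpenSSL's trailing patch letter is handled as a separate, ordered component.

```python
import re

# Fixed library versions named in the advisory (bundled with PVS 5.1.0).
FIXED_OPENSSL = "1.0.2h"
FIXED_SQLITE = "3.11.1"


def parse_openssl(ver: str) -> tuple:
    """Turn an OpenSSL 1.0.x-style version such as '1.0.2h' into a sortable tuple.

    The trailing letters are a patch level ('' < 'a' < 'b' < ...), so they are
    compared after the numeric fields; a plain string compare would wrongly
    rank '1.0.10' below '1.0.2'.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", ver.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {ver!r}")
    major, minor, fix, letters = m.groups()
    # Letters become a tuple of ordinals; an empty tuple sorts before ('a',).
    return (int(major), int(minor), int(fix), tuple(ord(c) for c in letters))


def parse_sqlite(ver: str) -> tuple:
    """Parse a SQLite version ('3.11.1' or '3.8.10.2') into a numeric tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", ver.strip())
    if not m:
        raise ValueError(f"unrecognised SQLite version: {ver!r}")
    # A missing fourth field counts as 0 so '3.11.1' == '3.11.1.0'.
    return tuple(int(x or 0) for x in m.groups())


def openssl_is_fixed(ver: str) -> bool:
    """True when the OpenSSL build is at or beyond the advisory's fixed version."""
    return parse_openssl(ver) >= parse_openssl(FIXED_OPENSSL)


def sqlite_is_fixed(ver: str) -> bool:
    """True when the SQLite build is at or beyond the advisory's fixed version."""
    return parse_sqlite(ver) >= parse_sqlite(FIXED_SQLITE)


if __name__ == "__main__":
    # Constructed sample inputs: one pre-fix and one fixed build of each library.
    for v in ("1.0.2g", "1.0.2h"):
        print(f"OpenSSL {v}: {'fixed' if openssl_is_fixed(v) else 'needs update'}")
    for v in ("3.8.10.2", "3.11.1"):
        print(f"SQLite {v}: {'fixed' if sqlite_is_fixed(v) else 'needs update'}")
```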