NewStart CGSL CORE 5.05 / MAIN 5.05 : libvpx Multiple Vulnerabilities (NS-SA-2021-0147)

high Nessus Plugin ID 154441

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libvpx packages installed that are affected by multiple vulnerabilities:

- A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808. (CVE-2017-0393)

- In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)

- In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)

- In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 (CVE-2020-0034)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL libvpx packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2021-0147

http://security.gd-linux.com/info/CVE-2017-0393

http://security.gd-linux.com/info/CVE-2019-9232

http://security.gd-linux.com/info/CVE-2019-9433

http://security.gd-linux.com/info/CVE-2020-0034

Plugin Details

Severity: High

ID: 154441

File Name: newstart_cgsl_NS-SA-2021-0147_libvpx.nasl

Version: 1.2

Type: local

Published: 10/27/2021

Updated: 10/27/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2020-0034

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_core:libvpx, p-cpe:/a:zte:cgsl_main:libvpx-devel, cpe:/o:zte:cgsl_main:5, cpe:/o:zte:cgsl_core:5, p-cpe:/a:zte:cgsl_main:libvpx-utils, p-cpe:/a:zte:cgsl_core:libvpx-utils, p-cpe:/a:zte:cgsl_main:libvpx, p-cpe:/a:zte:cgsl_core:libvpx-devel

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 9/24/2021

Vulnerability Publication Date: 1/3/2017

Reference Information

CVE: CVE-2017-0393, CVE-2019-9232, CVE-2019-9433, CVE-2020-0034