The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5946-1 advisory.

    Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were     tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to     cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
    (CVE-2021-39140)

    It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were     tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to     execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39139,     CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148,     CVE-2021-39149, CVE-2021-39151, CVE-2021-39153, CVE-2021-39154)

    It was discovered that XStream incorrectly handled certain inputs. If a user or an automated system were     tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to     obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
    (CVE-2021-39150, CVE-2021-39152)

    Lai Han discovered that XStream incorrectly handled certain inputs. If a user or an automated system were     tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to     cause a denial of service. (CVE-2022-41966)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : XStream vulnerabilities (USN-5946-1)

high Nessus Plugin ID 172496

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.4 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.3 Oct 16, 2023, 7:25 PM Detection Plugin Feed: 202310161925
Version 1.2 Mar 14, 2023, 2:09 PM Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202303141409
Version 1.1 Mar 13, 2023, 10:04 PM CEA reference Plugin Feed: 202303132204
Version 1.0 Mar 13, 2023, 6:45 PM New Plugin Feed: 202303131845