SB20250416164 - Tenable Security Center update for third-party components
Published: April 16, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2025-1219)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in libxml streams due to usage of an incorrect Content-Type header when requesting a redirected resource. A remote attacker can leverage this vulnerability to perform content spoofing or XSS attacks.
2) Out-of-bounds write (CVE-ID: CVE-2024-9143)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when using the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial. A remote attacker can send specially crafted input to the server, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Note, the vulnerability can be exploited against the application in rare cases only that involve "exotic" curve encoding.
3) Covert Timing Channel (CVE-ID: CVE-2024-13176)
The vulnerability allows a remote attacker to recover a private key.
The vulnerability exists due to a timing side-channel in ECDSA signature computations. A remote attacker can recover the private key and decrypt data.
Successful exploitation of the vulnerability requires that the attacker's process must either be located in the same physical computer or must have a very fast network connection with low latency.
4) Input validation error (CVE-ID: CVE-2025-1217)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to Header parser of HTTP Stream wrapper does not handle folded headers. A remote attacker can perform spoofing attack by manipulating HTTP headers.
5) Input validation error (CVE-ID: CVE-2025-1734)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the Streams HTTP wrapper does not fail for headers without a colon. A remote attacker can potentially perform header injection, which can lead to a spoofing attack.
6) Input validation error (CVE-ID: CVE-2025-1861)
The vulnerability allows a remote attacker to redirect the application to a malicious URL.
The vulnerability exists due to insufficient validation of user-supplied input. The Stream HTTP wrapper truncates redirect location to 1024 bytes, which can lead to the application being redirected to a wrong URL.
7) Improper Authentication (CVE-ID: CVE-2025-1736)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in Stream HTTP wrapper header check, which can omit Basic authentication header. A remote attacker can bypass authentication mechanisms that rely on Basic authentication.
8) Double free (CVE-ID: CVE-2024-6197)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ASN1 parser within the utf8asn1str() function. A remote attacker can pass specially crafted TLS certificate to the application, trigger double free error and execute arbitrary code on the target system.
The vulnerable code can only be reached when curl is built to use GnuTLS, wolfSSL, Schannel or Secure Transport.
9) Resource management error (CVE-ID: CVE-2025-0665)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when built with the threaded resolver. A remote attacker can force the application to wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve
10) Out-of-bounds read (CVE-ID: CVE-2024-6874)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the curl_url_get() function when parsing IDN URLs. A remote attacker can pass a specially crafted URL to the application, trigger an out-of-bounds read error and read contents of memory on the system.
11) Out-of-bounds read (CVE-ID: CVE-2024-7264)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the ASN1 parser code in the GTime2str() function. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
12) Improper certificate validation (CVE-ID: CVE-2024-8096)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to curl might fail to detect some OCSP problems when configured to use the Certificate Status Request TLS extension. A remote attacker can bypass OCSP stapling protection and perform a Man-in-the-Middle (MitM) attack.
Successful exploitation of the vulnerability requires that curl is build to use GnuTLS library.
13) Comparison using wrong factors (CVE-ID: CVE-2024-9681)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error in HSTS cache implementation. When curl is asked to use HSTS, the expiry time for a subdomain can overwrite a parent domain's cache entry, making it end sooner or later
than otherwise intended. This can lead to situations when the website becomes unavailable or force the client to switch to HTTP from HTTP connection earlier than intended.
14) Information disclosure (CVE-ID: CVE-2024-11053)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when using a .netrc file for credentials and an instruction to follow HTTP redirects. The cURL library can leak credentials intended for the first URL prior to redirection. This however will only occur if the .netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
15) Information disclosure (CVE-ID: CVE-2025-0167)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to application can leak credentials when asked to use a .netrc file for credentials and to follow HTTP redirects. A remote attacker can gain access to sensitive information.
16) Integer overflow (CVE-ID: CVE-2025-0725)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when handling gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option using zlib 1.2.0.3 or older. A remote attacker can send specially crafted response to the application, trigger an integer overflow and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.