diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json
new file mode 100644
index 0000000000000000000000000000000000000000..dd6b8db686c60f96a5513634d3e17833c184ef2a
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json
@@ -0,0 +1,128 @@
+{
+ "month": "2024-06",
+ "release_time": "",
+ "vulnerabilities": [
+ {
+ "month": "2024-06",
+
+ "vul_id": {
+ "cve": "CVE-2024-2398",
+ "openharmony-sa": ""
+ },
+
+ "severity": "high",
+
+ "vul_description": {
+ "zh": "如果服务器发送许多带有过多标头的PUSH_PROMISE帧,则可能会导致每个响应泄漏数MB的内存。",
+ "en": "If a server sends many PUSH_PROMISE frames with an excessive amount of headers, this can lead to multiple megabytes of memory leaked per response."
+ },
+
+ "vul_impact": {
+ "zh": "此内存泄漏可能导致大量内存消耗,进而影响使用HTTP/2服务器推送的应用程序的稳定性。",
+ "en": "This memory leak can lead to significant memory consumption, potentially destabilizing applications using HTTP/2 server push."
+ },
+
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md"
+ },
+
+ "patch_info": {
+ "4.1.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/third_party_curl/pulls/225"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/third_party_curl/pulls/225.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/third_party_curl/pulls/225.diff"
+ ]
+ }
+ },
+
+ "affected_projects": "third_party_curl",
+
+ "affected_versions": [
+ "4.1.0-4.1.0"
+ ],
+
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/system/lib/platformsdk/libcurl_shared.z.so"
+ ],
+ "yara_rules": [
+ "TestCaseRule-CVE-2024-2398.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara
new file mode 100644
index 0000000000000000000000000000000000000000..1a9eb156e6d053bf0cbbfc58e15fe3015877b53f
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024 Beijing University of Posts and Telecommunications.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule TestCaseRule_CVE_2024_2398
+{
+ meta:
+ date="2024-11-11"
+ openharmony_sa=""
+ cve="CVE-2024-2398"
+ affected_files="/system/lib/libcurl_shared.z.so"
+
+ strings:
+
+ $fix= {F0 B5 ?? B0 ?? 46 D0 F8 ?? ?? ?? 4D ?? 44 60 B1}
+
+ condition:
+ $fix and console.log("CVE-2024-2398 testcase pass")
+ }
+
diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json
new file mode 100644
index 0000000000000000000000000000000000000000..3ffb6ae672baf070a49eb1ad0b3f561bb08a5ad4
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json
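Review bot: The `affected_files` entry under `standard.linux.arm.ists.yara` points the scan at `/system/lib/platformsdk/libcurl_shared.z.so`, but the rule file added in the same commit records `affected_files="/system/lib/libcurl_shared.z.so"` in its meta. One of the two is presumably stale, and whichever the harness does not read will mislead the next person who checks where the library is expected to live. The CVE-2024-2478 pair has a similar gap: its JSON lists `/system/lib/libwpa.z.so` and `/system/lib/libwpa_sys.z.so`, while the rule meta names only `/system/lib/libwpa_sys.z.so`. Align the rule meta with the JSON in both cases, here `affected_files="/system/lib/platformsdk/libcurl_shared.z.so"` if the JSON path is the correct one.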
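Review bot: `$fix` is a 16-byte pattern with seven wildcard bytes that begins with what looks like an ordinary Thumb function prologue (`F0 B5`), and the condition accepts a match anywhere in the file. A pattern this short can match an unrelated function, which would print "testcase pass" for a library that does not contain the fix, and a different compiler version or optimisation level can change the bytes so that a patched library goes unreported. Extend the signature to cover the instructions the patch actually added and guard the condition with the ELF magic, `uint32(0) == 0x464C457F and $fix and console.log("CVE-2024-2398 testcase pass")`. A comment above `$fix` naming the function and the build the bytes were taken from would let a maintainer regenerate the pattern when the toolchain changes.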
@@ -0,0 +1,141 @@
+{
+ "month": "2024-06",
+ "release_time": "",
+ "vulnerabilities": [
+ {
+ "month": "2024-06",
+
+ "vul_id": {
+ "cve": "CVE-2024-2478",
+ "openharmony-sa": ""
+ },
+
+ "severity": "medium",
+
+ "vul_description": {
+ "zh": "wpa_supplicant的PEAP实现中存在一个漏洞,在禁用TLS证书验证的情况下允许绕过认证,使攻击者能够跳过第二阶段认证。",
+ "en": "A vulnerability in wpa_supplicant's PEAP implementation allows authentication bypass when TLS certificate verification is disabled, enabling attackers to skip Phase 2 authentication."
+ },
+
+ "vul_impact": {
+ "zh": "此漏洞使攻击者能够伪装为企业Wi-Fi网络,对用户构成严重的安全威胁。",
+ "en": "This vulnerability enables attackers to impersonate Enterprise Wi-Fi networks, posing a significant security risk to users."
+ },
+
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md"
+ },
+
+ "patch_info": {
+ "4.0.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.diff"
+ ]
+ },
+ "4.1.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.diff"
+ ]
+ }
+ },
+
+ "affected_projects": "third_party_wpa_supplicant",
+
+ "affected_versions": [
+ "4.0.0-4.0.0",
+ "4.1.0-4.1.0"
+ ],
+
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/system/lib/libwpa.z.so",
+ "/system/lib/libwpa_sys.z.so"
+ ],
+ "yara_rules": [
+ "TestCaseRule-CVE-2024-2478.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara
new file mode 100644
index 0000000000000000000000000000000000000000..70c6f94f52464ae70854114c4c68952ff7d44acf
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara
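Review bot: `standard.linux.arm64.ists.enable` is left `false` even though the rule this entry references, `TestCaseRule-CVE-2024-2478.yara`, matches a text string and so does not depend on the instruction set. If 64-bit standard images ship `libwpa.z.so` or `libwpa_sys.z.so`, they are not checked for this fix at all. Either enable `ists` for `arm64` with the library paths used on those images, or state in the commit description why arm64 is out of scope. Separately, `release_time` and `openharmony-sa` are empty strings here and in the CVE-2024-2398 file; if they are placeholders to be filled in at release, that is worth saying.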
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024 Beijing University of Posts and Telecommunications.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule TestCaseRule_CVE_2024_2478
+{
+ meta:
+ date="2024-11-11"
+ openharmony_sa=""
+ cve="CVE-2024-2478"
+ affected_files="/system/lib/libwpa_sys.z.so"
+
+ strings:
+
+ $fixstring= "EAP-PEAP: Require Phase 2 authentication for initial connection"
+
+ condition:
+ $fixstring and console.log("CVE-2024-2478 testcase pass")
+ }
+
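Review bot: `$fixstring` keys the whole verdict on a log message, so the rule reports whether that text is present in the binary rather than whether the check the fix added is there. If the message is emitted through wpa_supplicant's debug logging (it looks like one), a patched build that compiles debug output out, for example with `CONFIG_NO_STDOUT_DEBUG`, would not contain it and the test case would never print "pass". The rule also prints nothing on a miss, so a vulnerable library, a library with logging removed and a wrong path are indistinguishable in the output. Record that limitation in the meta section, e.g. `description="matches the log string added by the fix; absent when debug messages are compiled out"`, and consider a second indicator that does not depend on logging.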