Type: Defect (Security)
Resolution: Fixed
Priority: Critical
Fix Version/s: 4.0.7, 4.2.1
Sprint: Sprint 53 (Jun 2019), Sprint 54 (Jul 2019)
Story Points: 0.25
Quoting myself:
Zabbix currently sets the recursion limit to 1000000, which is a bit optimistic and does not really protect against stack overflows.
For reference, the default value for PHP is 100000 (10 times less).
man pcrestack provides some useful insights, particularly:
As a very rough rule of thumb, you should reckon on about 500 bytes per recursion. Thus, if you want to limit your stack usage to 8Mb, you should set the limit at 16000 recursions. A 64Mb stack, on the other hand, can support around 128000 recursions.
This can be considered a security flaw, because you don't need tremendous permissions to configure a preprocessing rule with a sub-optimal regexp and send a suitable value via zabbix_sender to bring the Zabbix server down due to stack overflow (see ZBX-15711 for a real-life example).
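The failure mode described above, as an added illustration that is not Zabbix or PCRE code: a toy greedy backtracking matcher whose recursion depth grows by one stack frame per character consumed by a `*`, together with a depth limit derived from a stack budget using the man page's "about 500 bytes per recursion" rule. In PCRE1 the real equivalent of that limit is the match_limit_recursion field of pcre_extra (PHP exposes it as pcre.recursion_limit); the function and constant names here (recursion_limit_for_stack, regex_match, make_run, MATCH_ERR_RECURSION) and the 20000-character run of 'a' used as input are this example's own assumptions.

```c
/* Added illustration, not Zabbix or PCRE code: a toy greedy backtracking
 * matcher (literal chars, '.', '*', '^', '$') whose recursion depth grows by
 * one frame per character consumed by a '*', plus a depth limit derived from
 * a stack budget.  PCRE1 exposes the real equivalent as
 * pcre_extra.match_limit_recursion; this stands in for it so the example
 * runs stand-alone. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MATCH_NO            0
#define MATCH_YES           1
#define MATCH_ERR_RECURSION (-1)   /* depth limit reached: fail closed instead of smashing the stack */

/* pcrestack: "reckon on about 500 bytes per recursion".  stack_bytes is the
 * part of the stack you are willing to spend on matching, not necessarily the
 * whole RLIMIT_STACK.  8 MiB / 500 -> 16777 and 64 MiB / 500 -> 134217, i.e.
 * the man page's rough 16000 and 128000. */
long recursion_limit_for_stack(long stack_bytes, long bytes_per_frame)
{
    if (stack_bytes <= 0 || bytes_per_frame <= 0)
        return 0;
    return stack_bytes / bytes_per_frame;
}

static int matchhere(const char *re, const char *text, long depth, long limit);

/* Greedy '*' by recursion: consume one more character first, so the depth
 * reaches the length of the run before any backtracking happens. */
static int matchstar(char c, const char *re, const char *text, long depth, long limit)
{
    if (depth > limit)
        return MATCH_ERR_RECURSION;
    if (*text != '\0' && (c == '.' || *text == c)) {
        int r = matchstar(c, re, text + 1, depth + 1, limit);
        if (r != MATCH_NO)
            return r;          /* MATCH_YES, or the error bubbling up */
    }
    return matchhere(re, text, depth + 1, limit);
}

static int matchhere(const char *re, const char *text, long depth, long limit)
{
    if (depth > limit)
        return MATCH_ERR_RECURSION;
    if (re[0] == '\0')
        return MATCH_YES;
    if (re[1] == '*')
        return matchstar(re[0], re + 2, text, depth + 1, limit);
    if (re[0] == '$' && re[1] == '\0')
        return *text == '\0' ? MATCH_YES : MATCH_NO;
    if (*text != '\0' && (re[0] == '.' || re[0] == *text))
        return matchhere(re + 1, text + 1, depth + 1, limit);
    return MATCH_NO;
}

/* Match re anywhere in text; limit is the maximum recursion depth allowed. */
int regex_match(const char *re, const char *text, long limit)
{
    if (re[0] == '^')
        return matchhere(re + 1, text, 1, limit);
    do {
        int r = matchhere(re, text, 1, limit);
        if (r != MATCH_NO)
            return r;
    } while (*text++ != '\0');
    return MATCH_NO;
}

/* Constructed input standing in for a value sent with zabbix_sender: a run of
 * n copies of c, so "^a*b" recurses n levels deep before it can fail. */
char *make_run(char c, size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, c, n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    long limit = recursion_limit_for_stack(8L << 20, 500);   /* 16777 for an 8 MiB budget */
    char *run = make_run('a', 20000);

    if (run == NULL)
        return 1;
    printf("limit for 8 MiB at 500 B/frame: %ld\n", limit);
    printf("^a*b vs aaab                  -> %d\n", regex_match("^a*b", "aaab", limit));
    printf("^a*b vs 20000 a's, limit 1000 -> %d\n", regex_match("^a*b", run, 1000));
    printf("^a*b vs 20000 a's, limit %ld -> %d\n", limit, regex_match("^a*b", run, limit));
    free(run);
    return 0;
}
```

With no limit (or one set far above what the stack can hold, which is the point of the report), pointing the same matcher at a long enough run simply crashes the process; with the limit sized to the stack it returns MATCH_ERR_RECURSION and the caller can log the offending item and drop the value instead.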