Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-22989

Duktape 2.6 bug crashes JavaScript putting too many values in valstack (CVE-2023-29458)

XMLWordPrintable

      Mitre ID CVE-2023-29458
      CVSS score 5.9
      Severity Medium
      Summary JavaScript crash if too many values are put on valstack due to bug in duktape 2.6
      Description Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint.
      Known attack vectors This vulnerability could be uses to intentionally add too many values into valstack to crush JavaScript
      Patch provided  No
      Component/s Proxy, Server
      Affected version/s and fix version/s ·         Affected: 5.0.34, 6.0.17, 6.4.2, 7.0.0alpha1
      ·         Fix: 5.0.35rc1, 6.0.18rc1, 6.4.3rc1, 7.0.0alpha1
      Fix compatibility tests -
      Resolution Fixed
      Workarounds  
      Acknowledgements nepalihacker0x01

            zabbix.dev Zabbix Development Team
            mmelnikovs Maris Melnikovs
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: