ZABBIX BUGS AND ISSUES / ZBX-23390

Stack-buffer Overflow in library module zbxjson (CVE-2023-32722)


Mitre ID: CVE-2023-32722
CVSS score: 9.6
CVSS vector: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: Critical
Summary: Stack-buffer Overflow in library module zbxjson
Description: The zabbix/src/libs/zbxjson module of Zabbix 6.4.4 is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
Known attack vectors: Stack-based buffer overflows usually lead to remote code execution.
Patch provided: No
Component/s: Agent, Proxy, Server
Affected version/s and fix version/s:
  6.0.0 - 6.0.20 / 6.0.21rc1
  6.4.0 - 6.4.5 / 6.4.6rc1
  7.0.0alpha1 - 7.0.0alpha3 / 7.0.0alpha4
Fix compatibility tests: -
Resolution: Fixed
Workarounds: -
Acknowledgements: This vulnerability was reported on the HackerOne platform by Koffi (kandersonko)

            mmelnikovs Maris Melnikovs