Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-23855

Possible buffer overread from reading DNS responses (CVE-2023-32726)

    XMLWordPrintable

Details

    • Defect (Security)
    • Resolution: Fixed
    • Minor
    • None
    • None
    • Agent (G)
    • None

    Description

      Mitre ID CVE-2023-32726
      CVSS score 3.9
      CVSS Severity Low
      CVSS vector CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
      Summary Possible buffer overread from reading DNS responses
      Description The vulnerability is caused by improper check for RDLENGTH, if it overflows the buffer in response from DNS server.
      Common Weakness Enumeration (CWE) CWE-754: Improper Check for Unusual or Exceptional Conditions
      Common Attack Pattern Enumeration and Classification (CAPEC) CAPEC-540 Overread Buffers
      Known attack vectors This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
      Patch provided  No
      Component/s Agent
      Affected version/s and fix version/s 5.0.0 - 5.0.39 / 5.0.40
      6.0.0 - 6.0.23 / 6.0.24
      6.4.0 - 6.4.8 / 6.4.9
      7.0.0alpha1 - 7.0.0alpha6 / 7.0.0alpha8
      Fix compatibility tests None
      Resolution Fixed
      Workarounds -
      Acknowledgements This vulnerability is reported in HackerOne bounty hunter platform by Philippe Antoine (catenacyber)

      Attachments

        Activity

          People

            zabbix.support Zabbix Support Team
            mmelnikovs Maris Melnikovs
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: