CVE-2006-6693 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Zabbix

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.0%

top 23.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix

Timeline

PublishedDec 21

Latest updateMay 1

Description

Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:1.1.2-4 (bookworm)

▶Debianzabbix/zabbix< 1:1.1.2-4+3

▶NVDzabbix/zabbix1.1.2

🔴Vulnerability Details

GHSA

GHSA-v49g-5qr7-mhrh: Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary co↗2022-05-01

▶

OSV

CVE-2006-6693: Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary co↗2006-12-21

▶

📋Vendor Advisories

Debian

CVE-2006-6693: zabbix - Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a d...↗2006

▶