CVE-2009-4500 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Zabbix

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix

Timeline

PublishedDec 31

Latest updateMay 2

Description

The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:1.8-1 (bookworm)

▶Debianzabbix/zabbix< 1:1.8-1+3

▶NVDzabbix/zabbix1.4.6+7

🔴Vulnerability Details

GHSA

GHSA-8jg5-4gwh-7gh9: The process_trap function in trapper/trapper↗2022-05-02

▶

OSV

CVE-2009-4500: The process_trap function in trapper/trapper↗2009-12-31

▶

💥Exploits & PoCs

Exploit-DB

Hex Workshop 5.1.4 - Color Mapping File Local Buffer Overflow (PoC)↗2008-12-28

▶

📋Vendor Advisories

Debian

CVE-2009-4500: zabbix - The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 all...↗2009

▶