CVE-2023-32726 — Improper Check for Unusual or Exceptional Conditions in Zabbix

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.1%

top 67.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix Zabbix Zabbix-agent

Timeline

PublishedDec 18

Latest updateDec 22

Description

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/zabbix< zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye)

▶Debianzabbix/zabbix< 1:5.0.44+dfsg-1+deb11u1+2

▶CVEListV5zabbix/zabbix5.0.0 — 5.0.39+3

▶NVDzabbix/zabbix-agent5.0.0 — 5.0.39+3

🔴Vulnerability Details

GHSA

GHSA-fqr7-2x83-wf2r: The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server↗2023-12-22

▶

OSV

CVE-2023-32726: The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server↗2023-12-18

▶

📋Vendor Advisories

Debian

CVE-2023-32726: zabbix - The vulnerability is caused by improper check for check if RDLENGTH does not ove...↗2023

▶