CVE-2024-36461Untrusted Pointer Dereference in Zabbix

CWE-822Untrusted Pointer Dereference4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 27.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ZabbixDebian Zabbix
Timeline
PublishedAug 12

Description

Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

debiandebian/zabbix< zabbix 1:5.0.44+dfsg-1+deb11u1 (bullseye)
Debianzabbix/zabbix< 1:5.0.44+dfsg-1+deb11u1+2
CVEListV5zabbix/zabbix7.0.0alpha17.0.0
NVDzabbix/zabbix6.0.06.0.30+2

🔴Vulnerability Details

2
GHSA
GHSA-3q27-8g46-2vwm: Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine2024-08-12
OSV
CVE-2024-36461: Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine2024-08-12

📋Vendor Advisories

1
Debian
CVE-2024-36461: zabbix - Within Zabbix, users have the ability to directly modify memory pointers in the ...2024