CVE-2024-42329 — NULL Pointer Dereference in Zabbix

CWE-476 — NULL Pointer Dereference CWE-690 — Unchecked Return Value to NULL Pointer Dereference4 documents4 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 88.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix Debian Zabbix

Timeline

PublishedNov 27

Description

The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDzabbix/zabbix7.0.0 — 7.0.4

▶debiandebian/zabbix< zabbix 1:7.0.5+dfsg-1 (forky)

▶Debianzabbix/zabbix< 1:7.0.5+dfsg-1+1

▶CVEListV5zabbix/zabbix7.0.0 — 7.0.3rc1

🔴Vulnerability Details

GHSA

GHSA-6cpc-423v-fx46: The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails↗2024-11-27

▶

OSV

CVE-2024-42329: The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails↗2024-11-27

▶

📋Vendor Advisories

Debian

CVE-2024-42329: zabbix - The webdriver for the Browser object expects an error object to be initialized w...↗2024

▶