CVE-2024-42333 — Buffer Over-read in Zabbix

CWE-126 — Buffer Over-read5 documents5 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 73.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix

Timeline

PublishedNov 27

Description

The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages3 packages

▶NVDzabbix/zabbix6.0.0 — 6.0.34+2

▶Debianzabbix/zabbix< 1:5.0.45+dfsg-1+deb11u1+2

▶CVEListV5zabbix/zabbix6.0.0 — 6.0.33+2

🔴Vulnerability Details

GHSA

GHSA-jm5w-96w4-8pcq: The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email↗2024-11-27

▶

CVEList

Heap buffer over-read↗2024-11-27

▶

OSV

CVE-2024-42333: The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email↗2024-11-27

▶

📋Vendor Advisories

Debian

CVE-2024-42333: zabbix - The researcher is showing that it is possible to leak a small amount of Zabbix S...↗2024

▶