CVE-2024-45700 — Allocation of Resources Without Limits or Throttling in Zabbix

CWE-770 — Allocation of Resources Without Limits or Throttling5 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

0.2%

top 58.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zabbix

Timeline

PublishedApr 2

Description

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDzabbix/zabbix6.0.0 — 6.0.39+2

▶Debianzabbix/zabbix< 1:5.0.46+dfsg-1+deb11u1+2

▶CVEListV5zabbix/zabbix6.0.0 — 6.0.38+2

🔴Vulnerability Details

OSV

CVE-2024-45700: Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion↗2025-04-02

▶

CVEList

DoS vulnerability due to uncontrolled resource exhaustion↗2025-04-02

▶

GHSA

GHSA-8w8h-m7f2-m6c4: Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion↗2025-04-02

▶

📋Vendor Advisories

Debian

CVE-2024-45700: zabbix - Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource ...↗2024

▶