
Headline

CVE-2023-32722: [ZBX-23390] Stack-buffer Overflow in library module zbxjson (CVE-2023-32722)

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.


Mitre ID

CVE-2023-32722

CVSS score

9.6
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity

Critical

Summary

Stack-buffer Overflow in library module zbxjson

Description

The zabbix/src/libs/zbxjson module of Zabbix 6.4.4 is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.

Known attack vectors

Stack-based buffer overflows usually lead to remote code execution.

Patch provided

No

Component/s

Agent, Proxy, Server

Affected version/s and fix version/s

6.0.0 - 6.0.20 / 6.0.21rc1
6.4.0 - 6.4.5 / 6.4.6rc1
7.0.0alpha1 - 7.0.0alpha3 / 7.0.0alpha4

Fix compatibility tests

-

Resolution

Fixed

Workarounds

-

Acknowledgements

This vulnerability was reported on the HackerOne platform by Koffi (kandersonko).
