6.4.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

zabbix

CWE-129

NVD

Published: 2023-07-13

Updated: 2023-07-25

Summary

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

Vulnerable Configurations

Part	Description	Count
Application	Zabbix Zabbix Zabbix 5.0.34 Zabbix Zabbix 6.0.17 Zabbix Zabbix 6.4.2	3

Common Weakness Enumeration (CWE)

CWE-129 - Improper Validation of Array Index

Common Attack Pattern Enumeration and Classification (CAPEC)

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.

References

https://support.zabbix.com/browse/ZBX-22989