Stack-buffer Overflow in library module zbxjson
CVE-2023-32722
9.6 CRITICAL
What is CVE-2023-32722?
A vulnerability has been identified in the Zabbix JSON parsing module, specifically within the zbx_json_open function. This issue could allow an attacker to exploit a buffer overflow condition while processing crafted JSON files. Such an exploit may lead to unexpected behavior, potentially allowing for arbitrary code execution. It is crucial for users of affected Zabbix versions to apply the latest patches to mitigate this security risk.
Affected Version(s)
Zabbix 6.0.0 <= 6.0.20
Zabbix 6.4.0 <= 6.4.5
Zabbix 7.0.0alpha1 <= 7.0.0alpha3
CVSS V3.1
Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This vulnerability was found by Koffi (kandersonko) from the HackerOne community.