JavaScript engine memory pointers are directly available for Zabbix users for modification
CVE-2023-32724

8.8HIGH

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 12 October 2023

What is CVE-2023-32724?

A critical issue has been identified in the Ducktape object within Zabbix, where improper handling of a memory pointer can lead to unauthorized direct memory access. This vulnerability could potentially allow malicious actors to manipulate the memory, leading to data integrity issues and compromising the functionality of the application. Users are encouraged to apply security updates and review their configurations to mitigate risks associated with this vulnerability.

Affected Version(s)

Zabbix 5.0.0 <= 5.0.36

Zabbix 6.0.0 <= 6.0.20

Zabbix 6.4.0 <= 6.4.5

References

https://support.zabbix.com/browse/ZBX-23391

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2023
Vulnerability Reserved
May 11, 2023

Credit

This vulnerability is found by Pavel Voit (pavelvoit) from HackerOne community.