Excessive Resource Abuse: A Threat to System Performance
CVE-2024-36462

7.5 HIGH

Key Information:

Vendor

Zabbix

Status
Vendor
CVE Published: 12 August 2024

What is CVE-2024-36462?

The vulnerability allows attackers to exploit uncontrolled resource consumption within Zabbix, leading to excessive utilization of CPU, memory, or network bandwidth. Without proper limits and resource management, affected systems may experience significant performance degradation and risk denial-of-service conditions. Organizations using Zabbix should remain vigilant against exploitation of this nature, which could impact system reliability.

Affected Version(s)

Zabbix 7.0.0alpha1 <= 7.0.0rc2

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zabbix extends its gratitude to justonezero for submitting this report on the HackerOne bug bounty platform.