Researcher Discovers Memory Leak in Zabbix Server via Out-of-Bounds Read
CVE-2024-42333

2.7LOW

Key Information:

Vendor

Zabbix

Status
Zabbix
Vendor
CVE Published:
27 November 2024

What is CVE-2024-42333?

The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c

Affected Version(s)

Zabbix 6.0.0 <= 6.0.33

Zabbix 6.4.0 <= 6.4.18

Zabbix 7.0.0 <= 7.0.3

References

https://support.zabbix.com/browse/ZBX-25629

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform.
.