Skip to main content

Zabbix CVE-2024-42326

MEDIUM
Use After Free (CWE-416)
2024-11-27 security@zabbix.com
4.4
CVSS 3.1 · Vendor: zabbix
Share

Severity by source

Vendor (zabbix) PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Primary rating from Vendor (zabbix) · only source for this CVE.

CVSS VectorVendor: zabbix

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Nov 27, 2024 - 12:15 cve.org
MEDIUM 4.4

DescriptionCVE.org

There was discovered a use after free bug in browser.c in the es_browser_get_variant function

AnalysisAI

There was discovered a use after free bug in browser.c in the es_browser_get_variant function. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. There was discovered a use after free bug in browser.c in the es_browser_get_variant function Affected products include: Zabbix.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

More in Zabbix

View all
CVE-2016-10134 CRITICAL POC
9.8 Feb 17

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQ

CVE-2017-2824 HIGH POC
8.1 May 24

An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. Rated hi

CVE-2016-4338 HIGH POC
8.1 Jan 23

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x bef

CVE-2022-43516 CRITICAL POC
9.8 Dec 05

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in

CVE-2022-43515 CRITICAL POC
9.8 Dec 05

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addre

CVE-2022-26148 CRITICAL POC
9.8 Mar 21

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this

CVE-2019-17382 CRITICAL POC
9.1 Oct 09

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. Rated critical severity

CVE-2024-22120 HIGH POC
8.8 May 17

Zabbix server can perform command execution for configured scripts. Rated high severity (CVSS 8.8), this vulnerability i

CVE-2012-3435 HIGH POC
7.5 Aug 15

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, a

CVE-2013-6824 HIGH POC
7.5 Dec 19

Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execu

CVE-2023-32728 CRITICAL
9.8 Dec 18

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resul

CVE-2020-11800 CRITICAL
9.8 Oct 07

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Rated critical s

Share

CVE-2024-42326 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy