CVE-2024-36468
CVSS 3.1 Score 3 of 10 (low)
Details
Summary
CVE-2024-36468 is a newly disclosed stack buffer overflow vulnerability affecting the Zabbix server and proxy. The flaw is located in the zbx_snmp_cache_handle_engineid function, where data from session->securityEngineID is copied to local_record.engineid without sufficient bounds checking. This oversight allows an attacker to inject malicious data, resulting in a buffer overflow and potential code execution. Successful exploitation could lead to server instability or remote code execution, posing a significant risk to organizations using Zabbix. It is crucial for users to apply the necessary patches as soon as possible to mitigate this vulnerability.
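The bounds check the summary says is missing, shown as an added example that is not Zabbix's code or its patch. The struct layouts, the demo_ names, the 32-byte capacity and the sample engine IDs are assumptions constructed for illustration; only securityEngineID and engineid are taken from the summary.

```c
#include <stddef.h>
#include <string.h>

#define DEMO_ENGINEID_MAX 32 /* constructed capacity, not Zabbix's real value */

/* Hypothetical stand-ins for the SNMP session and the cache record. */
struct demo_session {
    const unsigned char *securityEngineID;
    size_t securityEngineIDLen; /* length is controlled by the remote peer */
};

struct demo_record {
    unsigned char engineid[DEMO_ENGINEID_MAX];
    size_t engineid_len;
};

/* Unchecked pattern described in the summary:
 *     memcpy(rec->engineid, s->securityEngineID, s->securityEngineIDLen);
 * Any length above sizeof(rec->engineid) writes past the stack buffer. */

/* Hardened copy: reject missing or oversized IDs rather than truncating,
 * so a malformed engine ID never reaches the cache.
 * Returns 0 on success, -1 when the input is rejected. */
int demo_copy_engineid(struct demo_record *rec, const struct demo_session *s)
{
    if (rec == NULL || s == NULL || s->securityEngineID == NULL)
        return -1;
    if (s->securityEngineIDLen == 0 ||
        s->securityEngineIDLen > sizeof(rec->engineid))
        return -1;
    memcpy(rec->engineid, s->securityEngineID, s->securityEngineIDLen);
    rec->engineid_len = s->securityEngineIDLen;
    return 0;
}

/* Constructed inputs: a 12-byte ID that fits and a 64-byte ID that does not. */
int demo_run(void)
{
    static const unsigned char ok_id[12] = {0x80, 0x00, 0x1f, 0x88, 0x80};
    static const unsigned char big_id[64] = {0};
    struct demo_record rec = {{0}, 0}; /* stack-resident, like a local record */
    struct demo_session good = {ok_id, sizeof(ok_id)};
    struct demo_session bad = {big_id, sizeof(big_id)};

    int accepted = demo_copy_engineid(&rec, &good);
    int rejected = demo_copy_engineid(&rec, &bad);
    return (accepted == 0 && rejected == -1 && rec.engineid_len == 12) ? 0 : 1;
}

int main(void) { return demo_run(); }
```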
Affected Products
- Zabbix
Affected Vendors
- Zabbix LLC