CVE-2024-42333

Name
CVE-2024-42333
Description
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://support.zabbix.com/browse/ZBX-25629
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2024/12/msg00005.html

Match rules

CPE URI Source package Min version Max version
zabbix >= 6.0.0 <= 6.0.33
zabbix >= 6.4.0 <= 6.4.18
zabbix >= 7.0.0 <= 7.0.3
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 6.0.0 < 6.0.34
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 6.4.0 < 6.4.19
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 7.0.0 < 7.0.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zabbix edge-community 7.0.1-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix 3.22-community 7.0.1-r0 None possibly vulnerable
zabbix 3.20-community 6.4.18-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable