Search criteria
2 vulnerabilities found for zabbix-agent by zabbix
CVE-2023-32726 (GCVE-0-2023-32726)
Vulnerability from nvd – Published: 2023-12-18 09:17 – Updated: 2025-11-03 21:48
VLAI?
Title
Possible buffer overread from reading DNS responses
Summary
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
Credits
This vulnerability is found by Philippe Antoine (catenacyber) from HackerOne community.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:48:40.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zabbix.com/browse/ZBX-23855"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMFKNV5E4LG2DIZNPRWQ2ENH75H6UEQT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BYSYLA7VTHR25CBLYO5ZLEJFGU7HTHQB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Agent"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "5.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.39",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.0.24",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.23",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.8",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.0alpha8",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.0alpha7",
"status": "affected",
"version": "7.0.0alpha1",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability is found by Philippe Antoine (catenacyber) from HackerOne community."
}
],
"datePublic": "2023-11-06T11:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server."
}
],
"value": "The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T22:06:40.879Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-23855"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMFKNV5E4LG2DIZNPRWQ2ENH75H6UEQT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BYSYLA7VTHR25CBLYO5ZLEJFGU7HTHQB/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Possible buffer overread from reading DNS responses",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2023-32726",
"datePublished": "2023-12-18T09:17:47.628Z",
"dateReserved": "2023-05-11T21:25:43.368Z",
"dateUpdated": "2025-11-03T21:48:40.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-32726 (GCVE-0-2023-32726)
Vulnerability from cvelistv5 – Published: 2023-12-18 09:17 – Updated: 2025-11-03 21:48
VLAI?
Title
Possible buffer overread from reading DNS responses
Summary
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
Credits
This vulnerability is found by Philippe Antoine (catenacyber) from HackerOne community.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:48:40.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zabbix.com/browse/ZBX-23855"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMFKNV5E4LG2DIZNPRWQ2ENH75H6UEQT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BYSYLA7VTHR25CBLYO5ZLEJFGU7HTHQB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Agent"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "5.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.39",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.0.24",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.23",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.8",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.0alpha8",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.0alpha7",
"status": "affected",
"version": "7.0.0alpha1",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability is found by Philippe Antoine (catenacyber) from HackerOne community."
}
],
"datePublic": "2023-11-06T11:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server."
}
],
"value": "The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server."
}
],
"impacts": [
{
"capecId": "CAPEC-540",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-540 Overread Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T22:06:40.879Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-23855"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMFKNV5E4LG2DIZNPRWQ2ENH75H6UEQT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BYSYLA7VTHR25CBLYO5ZLEJFGU7HTHQB/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Possible buffer overread from reading DNS responses",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2023-32726",
"datePublished": "2023-12-18T09:17:47.628Z",
"dateReserved": "2023-05-11T21:25:43.368Z",
"dateUpdated": "2025-11-03T21:48:40.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}