CVE-2023-29458
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
16.7%
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| zabbix:zabbix | zabbix | eq | 5.0.34 |
| zabbix:zabbix | zabbix | eq | 6.0.17 |
| zabbix:zabbix | zabbix | eq | 6.4.2 |
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"Proxy",
"Server"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "5.0.35rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.34",
"status": "affected",
"version": "5,0,0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.0.18rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.17",
"status": "affected",
"version": "6,0,0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.3rc1",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.0alpha1",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.0alpha1 ",
"status": "affected",
"version": "7.0.0alpha1",
"versionType": "git"
}
]
}
]References
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
16.7%