CVE-2023-32726 Possible buffer overread from reading DNS responses

2023-12-1809:17:47

CWE-754

Zabbix

www.cve.org

dns

buffer overread

vulnerability

improper check

rdlength

overflow

response

server

3.9 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.3%

JSON

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Agent"
    ],
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "vendor": "Zabbix",
    "versions": [
      {
        "changes": [
          {
            "at": "5.0.40",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.0.39",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "6.0.24",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.0.23",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "6.4.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.4.8",
        "status": "affected",
        "version": "6.4.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "7.0.0alpha8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "7.0.0alpha7",
        "status": "affected",
        "version": "7.0.0alpha1",
        "versionType": "git"
      }
    ]
  }
]