CVE-2025-59938

CVE-2025-59938 affects Wazuh wazuh-analysisd in versions 3.8.0 through 4.10.x (before 4.11.0). The issue is a heap buffer overflow when parsing XML elements from Windows EventChannel messages, with a documented fix in version 4.11.0. CVSS 3.1 base score 6.5 (Medium) indicates impact limited to av...

CVE-2025-59938 Heap buffer overflow in wazuh-analysisd

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in...

CVE-2025-59938 Heap buffer overflow in wazuh-analysisd

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in...

CVE-2024-32038

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh...

PT-2023-9080 · Wazuh · Wazuh Manager

Name of the Vulnerable Software and Affected Versions: Wazuh Manager versions 3.8.0 through 4.7.1 Description: The issue is related to a buffer overflow hazard in the wazuh-analysisd service when handling Unicode characters from Windows Eventchannel messages. This can be exploited by a remote...