58 matches found
PT-2025-44313
Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.10.2 Description: Wazuh, a platform for threat prevention, detection, and response, contains a flaw in the fillData implementation. This implementation does not verify if a value is NULL before utilizing os_strdup on i...
PT-2025-44323
Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.11.0 Description: Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the fim_alert implementation where it does not verify if the return value of ctime_r is NULL before using it with...
PT-2025-44324
Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.11.0 Description: Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the fim_fetch_attributes_state implementation where it does not verify if time_string is NULL before applying strle...
CVE-2025-59938 Heap buffer overflow in wazuh-analysisd
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in...
CVE-2025-59938
CVE-2025-59938 affects Wazuh wazuh-analysisd in versions 3.8.0 through 4.10.x (before 4.11.0). The issue is a heap buffer overflow when parsing XML elements from Windows EventChannel messages, with a documented fix in version 4.11.0. CVSS 3.1 base score 6.5 (Medium) indicates impact limited to av...
CVE-2024-32038
Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh...
CVE-2023-49275 Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when analysisd receives a syscollector message with th...
PT-2024-13720 · Wazuh · Wazuh
Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.7.1 Description: A NULL pointer dereference was detected in the analysis engine of Wazuh, a free and open source platform used for threat prevention, detection, and response. This issue occurs when the analysisd...
PT-2023-9080 · Wazuh · Wazuh Manager
Name of the Vulnerable Software and Affected Versions: Wazuh Manager versions 3.8.0 through 4.7.1 Description: The issue is related to a buffer overflow hazard in the wazuh-analysisd service when handling Unicode characters from Windows Eventchannel messages. This can be exploited by a remote...
CVE-2020-8444
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a use-after-free during processing of ossec-alert formatted msgs received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted...
CVE-2020-8443
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs received from authenticated remote agents and delivered to the analysisd processing queue by...
CVE-2020-8447
OSSEC-HIDS CVE-2020-8447 affects ossec-analysisd (server component) in versions 2.7 through 3.5.0, with a use-after-free vulnerability when processing syscheck-formatted messages delivered to the analysis queue by ossec-remoted. Impact is high (CVE details indicate partial confidentiality/integri...
PT-2020-20148 · Trend Micro · Ossec-Hids
Name of the Vulnerable Software and Affected Versions: OSSEC-HIDS versions 2.7 through 3.5.0 Description: The issue affects the server component responsible for log analysis, ossec-analysisd, which is vulnerable to a denial of service due to a NULL pointer dereference. This can be triggered by...
PT-2020-20147 · Trend Micro · Ossec-Hids
Name of the Vulnerable Software and Affected Versions: OSSEC-HIDS versions 2.7 through 3.5.0 Description: The server component responsible for log analysis, ossec-analysisd, is vulnerable to a use-after-free during processing of syscheck formatted msgs. These messages are received from...
OSSEC-HIDS Security Audit Findings
Hi folks, I spent some free time recently auditing OSSEC. I w...