Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.8 views

CVE-2026-28221

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

8.2CVSS6AI score0.00382EPSS
Exploits1References1
NVD
NVD
added 2026/04/29 7:16 p.m.8 views

CVE-2026-28221

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

8.2CVSS0.00382EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/29 5:53 p.m.29 views

CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

6.5CVSS0.00382EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 5:53 p.m.7 views

CVE-2026-28221

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

6.5CVSS6AI score0.00382EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/29 5:53 p.m.10 views

EUVD-2026-26270

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in printhexstring in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintfdstbuf +...

6.5CVSS5.9AI score0.00382EPSS
Exploits1References2
CVE
CVE
added 2026/04/29 5:53 p.m.20 views

CVE-2026-28221

CVE-2026-28221 – Wazuh pre-auth stack-based buffer overflow is confirmed in wazuh-remoted’s print_hex_string(). From versions 4.8.0 to before 4.14.4, attacker-controlled bytes are formatted with sprintf(dst_buf + 2*i, "%.2x", src_buf[i]) on signed-char platforms, causing sign-extension and an out...

8.2CVSS5.9AI score0.00382EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder