Lucene search

GitHub_MVULNRICHMENT:CVE-2024-32038

HistoryApr 19, 2024 - 2:31 p.m.

CVE-2024-32038 Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability

2024-04-1914:31:00

CWE-122

GitHub_M

github.com

wazuh

buffer overflow

unicode

windows eventchannel

vulnerability

remote code execution

threat prevention

detection

response

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

28.8%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:wazuh:wazuh_manager:3.8.0:*:*:*:*:*:*:*"
    ],
    "vendor": "wazuh",
    "product": "wazuh_manager",
    "versions": [
      {
        "status": "affected",
        "version": "3.8.0",
        "lessThan": "4.7.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

28.8%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-32038