Zabbix up to 7.0.3rc1 webdriver_session_query unchecked return value to null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Zabbix up to 7.0.3rc1. It has been rated as problematic. This impacts the function webdriver_session_query. Performing a manipulation results in unchecked return value to null pointer dereference.
This vulnerability is identified as CVE-2024-42329. The attack is only possible with local access. There is not any exploit available.
Upgrading the affected component is advised.
Details
A vulnerability was found in Zabbix up to 7.0.3rc1. It has been classified as problematic. This affects the function webdriver_session_query. The manipulation with an unknown input leads to a unchecked return value to null pointer dereference vulnerability. CWE is classifying the issue as CWE-690. The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. This is going to have an impact on availability. The summary by CVE is:
The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash.
It is possible to read the advisory at support.zabbix.com. This vulnerability is uniquely identified as CVE-2024-42329 since 07/30/2024. The exploitability is told to be easy. Attacking locally is a requirement. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 7.0.4rc1 eliminates this vulnerability.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.3VulDB Meta Temp Score: 3.2
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 3.3
CNA Vector (Zabbix): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Unchecked return value to null pointer dereferenceCWE: CWE-690 / CWE-395
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Zabbix 7.0.4rc1
Timeline
07/30/2024 🔍11/27/2024 🔍
11/27/2024 🔍
11/27/2024 🔍
Sources
Advisory: support.zabbix.comStatus: Confirmed
CVE: CVE-2024-42329 (🔍)
GCVE (CVE): GCVE-0-2024-42329
GCVE (VulDB): GCVE-100-286251
Entry
Created: 11/27/2024 15:17Updated: 11/27/2024 16:56
Changes: 11/27/2024 15:17 (63), 11/27/2024 16:56 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.