Vulnerability Details :

CVE-2023-32726

Summary
Assigner: Zabbix
Assigner Org ID: 72de3e22-0555-4a0d-ae81-9249e0f0a1e8
Published At: 18 Dec, 2023 | 09:17
Updated At: 03 Nov, 2025 | 21:48

Possible buffer overread from reading DNS responses

The vulnerability is caused by an improper check of whether RDLENGTH overflows the buffer in the response from the DNS server.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor: Zabbix
Product: Zabbix
Repo: https://git.zabbix.com/
Modules:
  • Agent
Default Status: unaffected
Versions (affected):
  • From 5.0.0 through 5.0.39 (git)
    • -> unaffected from 5.0.40
  • From 6.0.0 through 6.0.23 (git)
    • -> unaffected from 6.0.24
  • From 6.4.0 through 6.4.8 (git)
    • -> unaffected from 6.4.9
  • From 7.0.0alpha1 through 7.0.0alpha7 (git)
    • -> unaffected from 7.0.0alpha8
Problem Types
Type: CWE
CWE ID: CWE-754
Description: CWE-754: Improper Check for Unusual or Exceptional Conditions
Metrics
Version: 3.1
Base score: 3.9
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Impacts
CAPEC ID: CAPEC-540
Description: CAPEC-540 Overread Buffers
Credits

Reporter: This vulnerability was found by Philippe Antoine (catenacyber) from the HackerOne community.
References
  • https://support.zabbix.com/browse/ZBX-23855
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMFKNV5E4LG2DIZNPRWQ2ENH75H6UEQT/
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BYSYLA7VTHR25CBLYO5ZLEJFGU7HTHQB/
  • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html
▼Authorized Data Publishers (ADP)
CVE Program Container
References
  • https://support.zabbix.com/browse/ZBX-23855 (Resource: x_transferred)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMFKNV5E4LG2DIZNPRWQ2ENH75H6UEQT/ (Resource: x_transferred)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BYSYLA7VTHR25CBLYO5ZLEJFGU7HTHQB/ (Resource: x_transferred)
  • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html (Resource: x_transferred)
  • https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html (Resource: N/A)
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: security@zabbix.com
Published At: 18 Dec, 2023 | 10:15
Updated At: 03 Nov, 2025 | 22:16

Metrics
Type: Secondary
Version: 3.1
Base score: 3.9
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
  • zabbix zabbix-agent, versions from 5.0.0 (inclusive) to 5.0.39 (inclusive): cpe:2.3:a:zabbix:zabbix-agent:*:*:*:*:*:*:*:*
  • zabbix zabbix-agent, versions from 6.0.0 (inclusive) to 6.0.23 (inclusive): cpe:2.3:a:zabbix:zabbix-agent:*:*:*:*:*:*:*:*
  • zabbix zabbix-agent, versions from 6.4.0 (inclusive) to 6.4.8 (inclusive): cpe:2.3:a:zabbix:zabbix-agent:*:*:*:*:*:*:*:*
  • zabbix zabbix-agent 7.0.0: cpe:2.3:a:zabbix:zabbix-agent:7.0.0:alpha1:*:*:*:*:*:*
  • zabbix zabbix-agent 7.0.0: cpe:2.3:a:zabbix:zabbix-agent:7.0.0:alpha6:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-754
Type: Secondary
Source: security@zabbix.com
CWE ID: CWE-754
Type: Primary
Source: nvd@nist.gov
References
  • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html (Source: security@zabbix.com)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BYSYLA7VTHR25CBLYO5ZLEJFGU7HTHQB/ (Source: security@zabbix.com)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMFKNV5E4LG2DIZNPRWQ2ENH75H6UEQT/ (Source: security@zabbix.com)
  • https://support.zabbix.com/browse/ZBX-23855 (Source: security@zabbix.com; Resource: Vendor Advisory)
  • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html (Source: af854a3a-2127-422b-91ae-364da2661108)
  • https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html (Source: af854a3a-2127-422b-91ae-364da2661108)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BYSYLA7VTHR25CBLYO5ZLEJFGU7HTHQB/ (Source: af854a3a-2127-422b-91ae-364da2661108)
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMFKNV5E4LG2DIZNPRWQ2ENH75H6UEQT/ (Source: af854a3a-2127-422b-91ae-364da2661108)
  • https://support.zabbix.com/browse/ZBX-23855 (Source: af854a3a-2127-422b-91ae-364da2661108; Resource: Vendor Advisory)

Similar CVEs

2 records found

CVE-2024-4611
Matching Score: 4
Assigner: Wordfence
CVSS Score: 8.1 (HIGH)
EPSS: 2.32% / 84.60%
7 Day CHG~0.00%
Published: 29 May, 2024 | 04:30
Updated: 05 Jun, 2025 | 20:48
AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server.

Vendor: apppresser, scottopolis, apppresser
Product: apppresser, AppPresser – Mobile App Framework, apppresser
CWE ID: CWE-754 (Improper Check for Unusual or Exceptional Conditions)

CVE-2020-7982
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 8.1 (HIGH)
EPSS: 2.91% / 86.20%
7 Day CHG-1.46%
Published: 16 Mar, 2020 | 21:05
Updated: 04 Aug, 2024 | 09:48

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).

Vendor: n/a, OpenWrt
Product: lede, openwrt, n/a
CWE ID: CWE-345 (Insufficient Verification of Data Authenticity)
CWE ID: CWE-754 (Improper Check for Unusual or Exceptional Conditions)