Fluid Attacks Database

Description

The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	zabbix	=1:6.0.14+dfsg-1 \|\| =1:6.0.23+dfsg-1 \|\| =1:6.0.23+dfsg-1~bpo12+1 \|\| =1:6.0.24+dfsg-1 \|\| =1:6.0.25+dfsg-1 \|\| =1:6.0.29+dfsg-1 \|\| =1:7.0.0+dfsg-1 \|\| =1:7.0.0+dfsg-2 \|\| =1:7.0.0+dfsg-2~bpo12+1 \|\| =1:7.0.1+dfsg-1 \|\| =1:7.0.1+dfsg-1~bpo12+1 \|\| =1:7.0.10+dfsg-1 \|\| =1:7.0.10+dfsg-2 \|\| =1:7.0.2+dfsg-1 \|\| =1:7.0.2+dfsg-1~bpo12+1 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| =1:7.0.3+dfsg-1 \|\| =1:7.0.5+dfsg-1 \|\| =1:7.0.5+dfsg-1~bpo12+1 \|\| =1:7.0.6+dfsg-1 \|\| =1:7.0.9+dfsg-1 \|\| =1:7.0.9+dfsg-1~bpo12+1	-
debian 11	zabbix	=1:5.0.14+dfsg-1 \|\| =1:5.0.14+dfsg-1~bpo11+1 \|\| =1:5.0.17+dfsg-1 \|\| =1:5.0.17+dfsg-1~bpo11+1 \|\| =1:5.0.44+dfsg-1+deb11u1 \|\| =1:5.0.8+dfsg-1 \|\| >=0 <1:5.0.45+dfsg-1+deb11u1	1:5.0.45+dfsg-1+deb11u1
debian 13	zabbix	>=0 <1:7.0.5+dfsg-1	1:7.0.5+dfsg-1
debian 14	zabbix	>=0 <1:7.0.5+dfsg-1	1:7.0.5+dfsg-1

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.