Fluid Attacks Database

Description

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	zabbix	=1:5.0.14+dfsg-1 \|\| =1:5.0.14+dfsg-1~bpo11+1 \|\| =1:5.0.17+dfsg-1 \|\| =1:5.0.17+dfsg-1~bpo11+1 \|\| =1:5.0.8+dfsg-1 \|\| >=0 <1:5.0.44+dfsg-1+deb11u1	1:5.0.44+dfsg-1+deb11u1
debian 12	zabbix	=1:6.0.14+dfsg-1 \|\| =1:6.0.23+dfsg-1 \|\| =1:6.0.23+dfsg-1~bpo12+1 \|\| =1:6.0.24+dfsg-1 \|\| =1:6.0.25+dfsg-1 \|\| =1:6.0.29+dfsg-1 \|\| =1:7.0.0+dfsg-1 \|\| =1:7.0.0+dfsg-2 \|\| =1:7.0.0+dfsg-2~bpo12+1 \|\| =1:7.0.1+dfsg-1 \|\| =1:7.0.1+dfsg-1~bpo12+1 \|\| =1:7.0.10+dfsg-1 \|\| =1:7.0.10+dfsg-2 \|\| =1:7.0.2+dfsg-1 \|\| =1:7.0.2+dfsg-1~bpo12+1 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| =1:7.0.3+dfsg-1 \|\| =1:7.0.5+dfsg-1 \|\| =1:7.0.5+dfsg-1~bpo12+1 \|\| =1:7.0.6+dfsg-1 \|\| =1:7.0.9+dfsg-1 \|\| =1:7.0.9+dfsg-1~bpo12+1	-
debian 13	zabbix	>=0 <1:6.0.23+dfsg-1	1:6.0.23+dfsg-1
debian 14	zabbix	>=0 <1:6.0.23+dfsg-1	1:6.0.23+dfsg-1

Aliases

1. CVE-2023-294582. NVD-2023-294583. OSV-DEBIAN-2023-294584. OSV-2023-294585. SECURITY-TRACKER-CVE-2023-29458

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.