CVE-2023-32722

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-32722
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32722.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-32722
Downstream
Related
Published
2023-10-12T07:15:10.217Z
Modified
2026-06-26T03:54:15.134620563Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbxjsonopen.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "6.4.0"
                },
                {
                    "last_affected": "6.4.5"
                }
            ],
            "vendor_product": "zabbix:zabbix"
        }
    ]
}
References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
5203d2ea7d901cd33d148f20586e2155901a7faa
Last affected
b60e269feb4d3129744eed5162e72d509d348864
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
aef542ad8aef472874199012f9b2350db16dc7ee
Last affected
72e3519b849b54011cc7792669fbcc629eb502c9
Last affected
8880b5094a533ea929452b4aebf021914df01eb8
Database specific 
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-alpha1"
        },
        {
            "last_affected": "7.0.0-alpha2"
        },
        {
            "last_affected": "7.0.0-alpha3"
        }
    ],
    "cpe": [
        "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*",
        "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*"
    ]
}

Affected versions

6.*
6.0.0
6.0.1
6.0.10
6.0.10rc1
6.0.10rc2
6.0.11
6.0.11rc1
6.0.11rc2
6.0.12
6.0.12rc1
6.0.12rc2
6.0.13
6.0.13rc1
6.0.14
6.0.14rc1
6.0.14rc2
6.0.15
6.0.15rc1
6.0.15rc2
6.0.16
6.0.16rc1
6.0.17
6.0.17rc1
6.0.17rc2
6.0.18
6.0.18rc1
6.0.19
6.0.19rc1
6.0.1rc1
6.0.1rc2
6.0.1rc3
6.0.1rc4
6.0.2
6.0.20
6.0.20rc1
6.0.2rc1
6.0.3
6.0.3rc1
6.0.4
6.0.4rc1
6.0.5
6.0.5rc1
6.0.6
6.0.6rc1
6.0.7
6.0.7rc1
6.0.8
6.0.8rc1
6.0.8rc2
6.0.9
6.0.9rc1
6.0.9rc2
7.*
7.0.0alpha1
7.0.0alpha2
7.0.0alpha3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32722.json"