CVE-2024-42331

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-42331
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42331.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-42331
Downstream
Published
2024-11-27T12:15:21.133Z
Modified
2026-04-09T12:19:00.665118Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.

References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
49955f1fb5c9168a8a24b053f7ade6b3d903143c
Fixed
f383737f1083e25756c6afaaa8abff05ad11eb50
Database specific 
{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.4"
        }
    ]
}

Affected versions

7.*
7.0.0
7.0.1
7.0.1rc1
7.0.1rc2
7.0.2
7.0.2rc1
7.0.2rc2
7.0.3
7.0.3rc1
7.0.4rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42331.json"