Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44b8ca32 by Tobias Frost at 2024-12-07T10:15:55+01:00
CVE-2024-36468/zabbix not affecting bookworm, bullseye

The vulnerable functionality is in the handling of cached SNMP
engineIDs, function zbx_snmp_cache_handle_engineid.

By bisecting the upstream git repo, I can triage that this function was
first seen in 7.0.0beta1, commit 3850cd1cfea328baabafd26e56bc425ddff95eac

$ git tag --contains 3850cd1cfea328baabafd26e56bc425ddff95eac
7.0.0
7.0.0beta1
7.0.0beta2
7.0.0beta3
7.0.0rc1
7.0.0rc2
7.0.0rc3
7.0.1
7.0.1rc1
7.0.1rc2
7.0.2
7.0.2rc1
7.0.2rc2
7.0.3
7.0.3rc1
7.0.4
7.0.4rc1
7.0.5
7.0.5rc1
7.2.0alpha1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2113,8 +2113,11 @@ CVE-2024-37816 (Quectel EC25-EUX EC25EUXGAR08A05M1G was 
discovered to contain a
        NOT-FOR-US: Quectel
 CVE-2024-36468 (The reported vulnerability is a stack buffer overflow in the 
zbx_snmp_ ...)
        - zabbix 1:7.0.3+dfsg-1 (bug #1088689)
+       [bookworm] - zabbix <not-affected> (vulnerable code introduced later)
+       [bullseye] - zabbix <not-affected> (vulnerable code introduced later)
        NOTE: https://support.zabbix.com/browse/ZBX-25621
        NOTE: Fixed by (merge commit): 
https://github.com/zabbix/zabbix/commit/c0dd17ac03c6cc5c7d830d1eee7e5b84243ea673
 (7.0.3rc1)
+       NOTE: vulnerable function introduced with commit 
https://github.com/zabbix/zabbix/commit/3850cd1cfea328baabafd26e56bc425ddff95eac
 (7.0.0beta1)
 CVE-2024-36464 (When exporting media types, the password is exported in the 
YAML in pl ...)
        - zabbix <unfixed> (bug #1088689)
        NOTE: https://support.zabbix.com/browse/ZBX-25630
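
Review bot: The two added <not-affected> lines for bookworm and bullseye rest on where the function name zbx_snmp_cache_handle_engineid first appears, and the added NOTE records only that; a first appearance of the name shows where commit 3850cd1c landed, not whether the same engineID caching logic existed earlier under another name or inline. It would help to confirm that the commit added the code rather than moved or renamed it, and to say so in the NOTE, so the "(vulnerable code introduced later)" rationale can be checked from the entry itself. As a style point, the added NOTE could be worded "Introduced by: <url> (7.0.0beta1)" to parallel the "Fixed by (merge commit):" line directly above it.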



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44b8ca32b6645cb468343e0e8c87561a3899864f
