CVE-2023-29458

EUVD-2023-33027
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
ZabbixCNA
5.9 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
zabbixzabbix
5.0.34
zabbixzabbix
6.0.17
zabbixzabbix
6.4.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
1:5.0.45+dfsg-1+deb11u1
fixed
buster
not-affected
sid
1:7.0.6+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zabbix
bionic
not-affected
focal
not-affected
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
dne
oracular
needs-triage
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://support.zabbix.com/browse/ZBX-22989
https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html
https://support.zabbix.com/browse/ZBX-22989