CVE-2023-29146
Description
Malwarebytes EDR on Linux and Windows has a hash collision vulnerability due to data truncation, potentially leading to detection misses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The utility functions used by Malwarebytes Endpoint Agent for Linux before 1.1.64 and Malwarebytes for Windows v5 with an update package version less than 1.0.106875 truncate hashed data exceeding 4GB. This truncation can lead to an integer wrap-around if the data is larger than the maximum unsigned 32-bit integer value, enabling hash collisions for different strings [1].
Exploitation
An attacker could potentially create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size. This requires the ability to control the data being hashed by the affected Malwarebytes components [1].
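The truncation and collision described in the Vulnerability and Exploitation paragraphs can be reproduced in a scaled-down model. This is an added example, not Malwarebytes code: the function names, the FNV-1a hash and the 16-bit length type (so the wrap occurs at 64 KiB rather than 4 GB) are all assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Scaled-down model (assumption): the narrow length is 16 bits, so the
   wrap-around happens at 64 KiB instead of 4 GB. All names are hypothetical. */
typedef uint16_t narrow_len_t;
#define NARROW_MAX ((size_t)UINT16_MAX)
#define FNV_OFFSET 14695981039346656037ULL
#define FNV_PRIME  1099511628211ULL

/* Low-level primitive whose length parameter is narrower than size_t. */
static uint64_t fnv1a_update(uint64_t h, const unsigned char *p, narrow_len_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= FNV_PRIME; }
    return h;
}

/* Flawed wrapper: narrowing size_t silently drops the high bits of len. */
uint64_t hash_truncating(const unsigned char *p, size_t len) {
    return fnv1a_update(FNV_OFFSET, p, (narrow_len_t)len);
}

/* Hardened wrapper: feed the primitive in chunks that always fit. */
uint64_t hash_chunked(const unsigned char *p, size_t len) {
    uint64_t h = FNV_OFFSET;
    while (len > 0) {
        size_t n = len > NARROW_MAX ? NARROW_MAX : len;
        h = fnv1a_update(h, p, (narrow_len_t)n);
        p += n;
        len -= n;
    }
    return h;
}

/* 1 if a constructed prefix and the same prefix plus exactly one wrap of
   padding hash identically under fn, 0 if not, -1 on allocation failure. */
int collides(uint64_t (*fn)(const unsigned char *, size_t)) {
    const char *prefix = "constructed-sample";
    size_t plen = strlen(prefix), wrap = NARROW_MAX + 1;
    unsigned char *buf = malloc(plen + wrap);
    if (!buf) return -1;
    memcpy(buf, prefix, plen);
    memset(buf + plen, 'A', wrap);
    int same = fn(buf, plen) == fn(buf, plen + wrap);
    free(buf);
    return same;
}

int main(void) {
    printf("truncating wrapper collides: %d\n", collides(hash_truncating));
    printf("chunked wrapper collides:    %d\n", collides(hash_chunked));
    return 0;
}
```

The same check, run with the real length width, works as a regression test for any hashing helper that passes a `size_t` length to a primitive taking a 32-bit count.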
Impact
Successful exploitation of this vulnerability could lead to hash collisions, where two different data inputs produce the same hash value. This may result in detection misses for malicious files or activities that rely on these hashing functions for identification [1].
Mitigation
Malwarebytes Endpoint Agent for Linux has been patched in version 1.1.64 and later. Malwarebytes for Windows v5 has been patched with update package version 1.0.106875 and later (corresponding to client version 5.2.6.163) [1]. Upgrading to the patched versions is recommended.
AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <=1.0.11
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.