Unrated severityNVD Advisory· Published Apr 19, 2024· Updated Aug 2, 2024

Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd

CVE-2023-49275

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when analysisd receives a syscollector message with the hotfix msg_type but lacking a timestamp. It uses cJSON_GetObjectItem() to get the timestamp object item and dereferences it without checking for a NULL value. A malicious client can DoS the analysis engine. This vulnerability is fixed in 4.7.1.

Affected products

Wazuh/Wazuhv5
Range: >= 3.2.0, < 4.7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.cmitrex_refsource_MISC
github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.cmitrex_refsource_MISC
github.com/wazuh/wazuh/security/advisories/GHSA-4mq7-w9r6-9975mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000