CVE-2024-42331
CVSS V2 None
CVSS V3 None
Description
In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.
Overview
- CVE ID
- CVE-2024-42331
- Assigner
- Zabbix
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-27T12:06:12.250Z
- Last Modified Date
- 2024-11-27T14:55:34.113Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://support.zabbix.com/browse/ZBX-25627 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-42331 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42331 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-28 13:19:43 | Added to TrackCVE |