CVE-2024-42331

CVSS V2 None CVSS V3 None
Description
In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.
Overview
  • CVE ID
  • CVE-2024-42331
  • Assigner
  • Zabbix
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-27T12:06:12.250Z
  • Last Modified Date
  • 2024-11-27T14:55:34.113Z
References
Reference URL Reference Tags
https://support.zabbix.com/browse/ZBX-25627
History
Created Old Value New Value Data Type Notes
2024-11-28 13:19:43 Added to TrackCVE