Vulnerability CVE-2023-29458: Information

Description

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-29458

Published: July 13, 2023

Modified: July 25, 2023

Error type identifier: CWE-129

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
zabbix	p10	6.0.20-alt0.p10.1	6.0.29-alt0.p10.1	ALT-PU-2023-5065-2	327653	Fixed
zabbix	p10_e2k	6.0.20-alt0.p10.1	6.0.29-alt0.p10.1	ALT-PU-2023-5192-1	-	Fixed
zabbix	c9f2	5.0.38-alt1	5.0.40-alt1	ALT-PU-2023-6268-3	329847	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://support.zabbix.com/browse/ZBX-22989	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:zabbix:zabbix:5.0.34:*:*:*:*:*:*:*
  cpe:2.3:a:zabbix:zabbix:6.0.17:*:*:*:*:*:*:*
  cpe:2.3:a:zabbix:zabbix:6.4.2:*:*:*:*:*:*:*

Version: v24.5.2

Vulnerability CVE-2023-29458: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1