CVE-2024-42328

Published Nov 27, 2024

Last updated 3 months ago

CVSS low 3.3

Overview

Description
When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.
Source
security@zabbix.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.3
Impact score
1.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Severity
LOW

Weaknesses

security@zabbix.com
CWE-476

Social media

Hype score
Not currently trending

  1. CVE-2024-42328 When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving dat… https://t.co/01GcUu6VJo

    @CVEnew

    27 Nov 2024

    392 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References