CVE-2023-29458 - Vulnerability Details - OpenCVE

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Zabbix	Zabbix

Configuration 1 [-]

OR	cpe:2.3:a:zabbix:zabbix:5.0.34:::::::*
	cpe:2.3:a:zabbix:zabbix:6.0.17:::::::*
	cpe:2.3:a:zabbix:zabbix:6.4.2:::::::*

No data.

References

Link	Providers
https://support.zabbix.com/browse/ZBX-22989

History

Tue, 22 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Zabbix

Published: 2023-07-13T09:33:46.403Z

Updated: 2024-10-22T16:22:56.866Z

Reserved: 2023-04-06T18:04:44.892Z

Link: CVE-2023-29458

Vulnrichment

Updated: 2024-08-02T14:07:46.220Z

NVD

Status : Modified

Published: 2023-07-13T10:15:09.573

Modified: 2024-11-21T07:57:05.837

Link: CVE-2023-29458

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29458", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "state": "PUBLISHED", "assignerShortName": "Zabbix", "dateReserved": "2023-04-06T18:04:44.892Z", "datePublished": "2023-07-13T09:33:46.403Z", "dateUpdated": "2024-10-22T16:22:56.866Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Proxy", "Server"], "product": "Zabbix", "repo": "https://git.zabbix.com/", "vendor": "Zabbix", "versions": [{"changes": [{"at": "5.0.35rc1", "status": "unaffected"}], "lessThanOrEqual": "5.0.34", "status": "affected", "version": "5,0,0", "versionType": "git"}, {"changes": [{"at": "6.0.18rc1", "status": "unaffected"}], "lessThanOrEqual": "6.0.17", "status": "affected", "version": "6,0,0", "versionType": "git"}, {"changes": [{"at": "6.4.3rc1", "status": "unaffected"}], "lessThanOrEqual": "6.4.2", "status": "affected", "version": "6.4.0", "versionType": "git"}, {"changes": [{"at": "7.0.0alpha1", "status": "unaffected"}], "lessThanOrEqual": "7.0.0alpha1 ", "status": "affected", "version": "7.0.0alpha1", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "nepalihacker0x01"}], "datePublic": "2023-06-16T11:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use."}], "value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use."}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2023-07-13T09:33:46.403Z"}, "references": [{"url": "https://support.zabbix.com/browse/ZBX-22989"}], "source": {"discovery": "UNKNOWN"}, "title": "Duktape 2.6 bug crashes JavaScript putting too many values in valstack.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.220Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.zabbix.com/browse/ZBX-22989", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T16:19:37.201477Z", "id": "CVE-2023-29458", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T16:22:56.866Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.zabbix.com/browse/ZBX-22989", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.220Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-29458", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T16:19:37.201477Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T16:22:02.437Z"}}], "cna": {"title": "Duktape 2.6 bug crashes JavaScript putting too many values in valstack.", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "nepalihacker0x01"}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://git.zabbix.com/", "vendor": "Zabbix", "modules": ["Proxy", "Server"], "product": "Zabbix", "versions": [{"status": "affected", "changes": [{"at": "5.0.35rc1", "status": "unaffected"}], "version": "5,0,0", "versionType": "git", "lessThanOrEqual": "5.0.34"}, {"status": "affected", "changes": [{"at": "6.0.18rc1", "status": "unaffected"}], "version": "6,0,0", "versionType": "git", "lessThanOrEqual": "6.0.17"}, {"status": "affected", "changes": [{"at": "6.4.3rc1", "status": "unaffected"}], "version": "6.4.0", "versionType": "git", "lessThanOrEqual": "6.4.2"}, {"status": "affected", "changes": [{"at": "7.0.0alpha1", "status": "unaffected"}], "version": "7.0.0alpha1", "versionType": "git", "lessThanOrEqual": "7.0.0alpha1 "}], "defaultStatus": "affected"}], "datePublic": "2023-06-16T11:16:00.000Z", "references": [{"url": "https://support.zabbix.com/browse/ZBX-22989"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.", "supportingMedia": [{"type": "text/html", "value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "shortName": "Zabbix", "dateUpdated": "2023-07-13T09:33:46.403Z"}}}, "cveMetadata": {"cveId": "CVE-2023-29458", "state": "PUBLISHED", "dateUpdated": "2024-10-22T16:22:56.866Z", "dateReserved": "2023-04-06T18:04:44.892Z", "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8", "datePublished": "2023-07-13T09:33:46.403Z", "assignerShortName": "Zabbix"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:5.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "21E9CA91-6BA2-4046-A81B-56203307F325", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F6C005FB-B627-4C3B-8873-4ECF4A3696CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FECE71F-56F9-4E90-99EC-DBDCFE5AC605", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use."}], "id": "CVE-2023-29458", "lastModified": "2024-11-21T07:57:05.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security@zabbix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-13T10:15:09.573", "references": [{"source": "security@zabbix.com", "tags": ["Third Party Advisory"], "url": "https://support.zabbix.com/browse/ZBX-22989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.zabbix.com/browse/ZBX-22989"}], "sourceIdentifier": "security@zabbix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "security@zabbix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}]}