CVE-2023-29458

Summary

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

Affected Software

VendorProductVersion RangeStatus
ZabbixZabbix5,0,0 <= 5.0.34affected
ZabbixZabbix6,0,0 <= 6.0.17affected
ZabbixZabbix6.4.0 <= 6.4.2affected
ZabbixZabbix7.0.0alpha1 <= 7.0.0alpha1affected

Weaknesses

  • CWE-129: CWE-129 Improper Validation of Array Index

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References