CVE-2023-29458

MEDIUM

Zabbix - Denial of Service via Duktape Valstack Overflow

Title source: llm

Description

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

References (2)

Core 2

Core References

Third Party Advisory

https://support.zabbix.com/browse/ZBX-22989

Mailing List

https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html

Scores

CVSS v3 5.9

EPSS 0.0064

EPSS Percentile 45.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (3)

zabbix/zabbix 5.0.34

zabbix/zabbix 6.0.17

zabbix/zabbix 6.4.2

Published Jul 13, 2023

Tracked Since Feb 18, 2026