How severe is CVE-2024-42328?

CVE-2024-42328 has a CVSS v3 score of 3.3 (LOW).

CVE-2024-42328

Name: zabbix
Author: zabbix

3.3LOW

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an

Publicado: 11/27/2024Actualizado: 10/8/2025

Descripción

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.

Análisis IAImpulsado por IA

Productos Afectados

zabbixzabbix

Referencias

https://support.zabbix.com/browse/ZBX-25624
Vendor Advisory