logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-49275

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-49275

Description:
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis engine. This vulnerability is fixed in 4.7.1.
Last updated date:
01/09/2025
Type:
exploit
Confidence:
HIGH
Date of publishing:
01/09/2025
Reference url to background

https://github.com/wazuh/wazuh/security/advisories/GHSA-4mq7-w9r6-9975

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2025

Privacy Policy