CVE-2023-29458

Published: Jul 13, 2023Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

Affected (3)

Products: Zabbix: Zabbix

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Zabbix Zabbix	Version 5.0.34
Zabbix Zabbix	Version 6.0.17
Zabbix Zabbix	Version 6.4.2

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (3)

https://support.zabbix.com/browse/ZBX-22989

Source: security@zabbix.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.zabbix.com/browse/ZBX-22989

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.