CVE-2023-29458: Duktape 2.6 bug crashes JavaScript putting too many values in valstack.
First published: Thu Jul 13 2023(Updated: )
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.
Credit: security@zabbix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zabbix Server | =5.0.34 | |
| Zabbix Server | =6.0.17 | |
| Zabbix Server | =6.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-29458?
CVE-2023-29458 is a vulnerability in Duktape, a 3rd-party embeddable JavaScript engine, which can cause a crash when adding too many values in valstack.
How does CVE-2023-29458 affect Zabbix?
CVE-2023-29458 affects Zabbix versions 5.0.34, 6.0.17, and 6.4.2.
How severe is CVE-2023-29458?
CVE-2023-29458 has a severity rating of 7.5 (high).
Is there a fix available for CVE-2023-29458?
There is no known fix available for CVE-2023-29458 at the moment.
Where can I find more information about CVE-2023-29458?
More information about CVE-2023-29458 can be found at the following reference link: [here](https://support.zabbix.com/browse/ZBX-22989)
- collector/nvd-latest
- agent/type
- agent/weakness
- agent/references
- agent/description
- agent/severity
- agent/title
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/zabbix
- canonical/zabbix server
- version/zabbix server/5.0.34
- version/zabbix server/6.0.17
- version/zabbix server/6.4.2