CVE-2024-32038 - Vulnerability Details - OpenCVE

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2.

Published: 2024-04-19

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

wazuh

wazuh

affected

Version	Status	Constraints
`>= 3.8.0, < 4.7.2`	affected	—

Configuration 1 [-]

cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-29872	Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00593.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327

History

Thu, 09 Jan 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wazuh Wazuh wazuh
Weaknesses		CWE-787
CPEs		cpe:2.3:a:wazuh:wazuh::::::::
Vendors & Products		Wazuh Wazuh wazuh

Subscriptions

Wazuh Wazuh

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-19T14:31:00.581Z

Updated: 2024-08-02T02:06:42.823Z

Reserved: 2024-04-09T15:29:35.939Z

Link: CVE-2024-32038

Vulnrichment

Updated: 2024-08-02T02:06:42.823Z

NVD

Status : Analyzed

Published: 2024-04-19T15:15:50.610

Modified: 2025-01-09T17:38:55.253

Link: CVE-2024-32038

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32038", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-09T15:29:35.939Z", "datePublished": "2024-04-19T14:31:00.581Z", "dateUpdated": "2024-08-02T02:06:42.823Z"}, "containers": {"cna": {"title": "Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327"}], "affected": [{"vendor": "wazuh", "product": "wazuh", "versions": [{"version": ">= 3.8.0, < 4.7.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-19T14:31:00.581Z"}, "descriptions": [{"lang": "en", "value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2."}], "source": {"advisory": "GHSA-fcpw-v3pg-c327", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32038", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-19T18:15:13.546008Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wazuh:wazuh_manager:3.8.0:*:*:*:*:*:*:*"], "vendor": "wazuh", "product": "wazuh_manager", "versions": [{"status": "affected", "version": "3.8.0", "lessThan": "4.7.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:06.098Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:42.823Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327", "name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:06:42.823Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32038", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-19T18:15:13.546008Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wazuh:wazuh_manager:3.8.0:*:*:*:*:*:*:*"], "vendor": "wazuh", "product": "wazuh_manager", "versions": [{"status": "affected", "version": "3.8.0", "lessThan": "4.7.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-19T18:14:47.759Z"}}], "cna": {"title": "Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability", "source": {"advisory": "GHSA-fcpw-v3pg-c327", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "wazuh", "product": "wazuh", "versions": [{"status": "affected", "version": ">= 3.8.0, < 4.7.2"}]}], "references": [{"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327", "name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-19T14:31:00.581Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32038", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:06:42.823Z", "dateReserved": "2024-04-09T15:29:35.939Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-19T14:31:00.581Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*", "matchCriteriaId": "72216961-C021-43DF-B94D-099AB12D6190", "versionEndExcluding": "4.7.2", "versionStartIncluding": "3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2."}, {"lang": "es", "value": "Wazuh es una plataforma gratuita y de c\u00f3digo abierto que se utiliza para la prevenci\u00f3n, detecci\u00f3n y respuesta a amenazas. Existe un riesgo de desbordamiento del b\u00fafer en wazuh-analysisd cuando se manejan caracteres Unicode de mensajes de Windows Eventchannel. Afecta a Wazuh Manager 3.8.0 y superiores. Esta vulnerabilidad se solucion\u00f3 en Wazuh Manager 4.7.2."}], "id": "CVE-2024-32038", "lastModified": "2025-01-09T17:38:55.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-19T15:15:50.610", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}