Description
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C.

This issue affects azerothcore-wotlk: through v4.0.0.
Published: 2026-01-27
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption that may enable arbitrary code execution or denial of service
Action: Patch Immediately
AI Analysis

Impact

A buffer copy without checking the size of input in the inflate.C module of AzerothCore WotLK allows a heap‑based out‑of‑bounds write. The overflow can corrupt adjacent memory, which could be leveraged to execute arbitrary code or cause a crash, thereby compromising confidentiality, integrity, or availability of the application.

Affected Systems

AzerothCore WotLK, any build through version 4.0.0.

Risk and Exploitability

The CVSS score of 10 indicates a critical severity, but the EPSS score of less than 1% suggests that the likelihood of exploitation remains low at present. It has not been listed in the CISA KEV catalog. The most probable attack vector involves a malicious compressed data stream processed by the vulnerable inflate function, which could be sent remotely to a server running the affected build.

Generated by OpenCVE AI on April 18, 2026 at 02:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of AzerothCore WotLK newer than 4.0.0 that addresses the buffer overflow in inflate.C.
  • Restrict or validate any compressed data processed by the server to ensure it originates from trusted sources and conforms to size limits.
  • Apply application‑level defenses such as memory hardening, use of recent zlib releases, and input validation to mitigate potential exploitation of similar weaknesses.

Generated by OpenCVE AI on April 18, 2026 at 02:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Azerothcore azerothcore
CPEs cpe:2.3:a:azerothcore:azerothcore:*:*:*:*:*:*:*:*
Vendors & Products Azerothcore azerothcore
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 27 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Azerothcore
Azerothcore wotlk
Vendors & Products Azerothcore
Azerothcore wotlk

Tue, 27 Jan 2026 08:30:00 +0000

Type Values Removed Values Added
Description Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects azerothcore-wotlk: through v4.0.0.
Title A heap-based buffer over-read or buffer overflow vulnerability in azerothcore/azerothcore-wotlk
Weaknesses CWE-120
CWE-787
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Red'}

Subscriptions

Azerothcore Azerothcore Wotlk
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T21:39:36.880Z

Reserved: 2026-01-27T08:18:43.267Z

Link: CVE-2026-24793

cve-icon Vulnrichment

Updated: 2026-01-27T21:10:21.267Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-27T09:15:48.940

Modified: 2026-02-17T20:01:06.373

Link: CVE-2026-24793

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:30:15Z

Weaknesses