CVE-2024-45700

Medium CVSS: 6.0

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.

Vendor

Zabbix

Product

Zabbix

CWE

CWE-770

Yayın Tarihi

2025-04-02 07:15:41

Güncelleme

2025-11-03 20:16:31

Source Identifier

security@zabbix.com

KEV Date Added

Kategoriler

CWE-770 Zabbix MEDIUM Zabbix 2025

Referanslar

https://support.zabbix.com/browse/ZBX-26253 https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html

Benzer Kayıtlar

Medium

CVE-2025-49643

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending sp…

Medium

CVE-2025-27232

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver le…

Medium

CVE-2025-49641

A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refre…

Medium

CVE-2025-27231

The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host…

Low

CVE-2025-27236

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have…

Low

CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user gr…