Wazuh · Wazuh · CVE-2026-41499
**Name of the Vulnerable Software and Affected Versions**
Wazuh versions 4.0.0 through 4.14.3
**Description**
Multiple heap-based out-of-bounds write issues exist in the `parse_uname_string()` function within `remoted_op.c`. This function processes OS identification data from agents and contains a code pattern that writes to index `strlen(ptr) - 1` without verifying whether the string is empty. When an empty string is processed, `strlen()` returns 0, causing an unsigned integer underflow where `0 - 1` wraps to `SIZE_MAX`. The write then occurs 1 byte before the allocated buffer, which corrupts heap metadata, such as the chunk size field in glibc malloc, leading to heap corruption.
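The pattern described above beside a checked form, as an added example that is not Wazuh's code. The function names, the trailing-space trimming and the `|`-separated sample line are assumptions made for illustration, and the sample is constructed rather than a real agent message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Index that the unchecked pattern ptr[strlen(ptr) - 1] writes to.
 * strlen() returns size_t, so for "" the result is 0 - 1 == SIZE_MAX. */
size_t unchecked_last_index(const char *s)
{
    return strlen(s) - 1;
}

/* Checked form: remove one trailing space only if the string is non-empty.
 * Returns 1 when a byte was removed, 0 otherwise. */
int strip_trailing_space(char *s)
{
    size_t len = (s != NULL) ? strlen(s) : 0;

    if (len == 0 || s[len - 1] != ' ')
        return 0;               /* empty field: no write at s[-1] */
    s[len - 1] = '\0';
    return 1;
}

/* Split line in place on delim, strip each field, return the field count. */
size_t split_fields(char *line, char delim, char **out, size_t max)
{
    size_t n = 0;
    char *p = line;

    while (p != NULL && n < max) {
        char *next = strchr(p, delim);
        if (next != NULL)
            *next++ = '\0';
        strip_trailing_space(p);
        out[n++] = p;
        p = next;
    }
    return n;
}

int main(void)
{
    char line[] = "Linux |agent01 ||4.14 ";   /* constructed sample, third field empty */
    char *f[8];
    size_t n = split_fields(line, '|', f, 8);

    for (size_t i = 0; i < n; i++)
        printf("field %zu: \"%s\" (unchecked index %zu)\n", i, f[i], unchecked_last_index(f[i]));
    return 0;
}
```

The empty third field is the case to watch: its unchecked index prints as `SIZE_MAX`, while the checked helper leaves it untouched.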
**Recommendations**
Update to version 4.14.4.