CVE-2023-49275

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.7.1

Description A NULL pointer dereference was detected in the analysis engine of Wazuh, a free and open source platform used for threat prevention, detection, and response. This issue occurs when the analysisd receives a syscollector message with the hotfix msg type but lacking a timestamp. The cJSON GetObjectItem() function is used to get the timestamp object item, which is then dereferenced without checking for a NULL value. This allows malicious clients to perform a Denial of Service (DoS) attack on the analysis engine.

Recommendations For versions prior to 4.7.1, update to version 4.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the analysisd component to minimize the risk of exploitation. Avoid sending syscollector messages with the hotfix msg type but lacking a timestamp until the issue is resolved.