PT-2024-9611 · Zabbix+3

Vjaceslavs Bogdanovs · Published 2024-11-27 · Updated 2025-10-08 · CVE-2024-42328

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Browser object (affected versions not specified)
Zabbix (affected versions not specified)

Description

The issue is related to the handling of data downloaded from an HTTP server by the Browser object's web driver. When the server's response is an empty document, the data pointer remains NULL, and attempting to read from it results in a crash. This is due to the curl write cb function not allocating the data pointer until data is received. The vulnerability can be exploited to cause a denial of service (DoS).

Recommendations

For the Browser object, consider implementing a check to ensure the data pointer is not NULL before attempting to read from it. For Zabbix, as a temporary workaround, consider restricting access to the curl write cb function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
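The NULL check recommended above, shown as an added example that is not Zabbix code: a buffer that is only allocated inside a libcurl-style write callback, read once without and once with the check. The names `resp_t`, `write_cb`, `simulate_transfer`, `body_len_unchecked`, `body_or_empty` and `body_len_checked` are hypothetical, and the transfer is a constructed stand-in so the example runs without libcurl.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical response buffer: data stays NULL until a body chunk arrives. */
typedef struct { char *data; size_t len; } resp_t;

/* Same signature as a libcurl CURLOPT_WRITEFUNCTION callback. */
size_t write_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    resp_t *r = userdata;
    size_t n = size * nmemb;
    char *p = realloc(r->data, r->len + n + 1);

    if (p == NULL)
        return 0;               /* a short count tells libcurl the write failed */
    memcpy(p + r->len, ptr, n);
    r->len += n;
    p[r->len] = '\0';
    r->data = p;
    return n;
}

/* Constructed stand-in for a transfer, modelling the case the advisory
 * describes: with an empty document no data is received, so nothing is
 * ever allocated. */
void simulate_transfer(resp_t *r, const char *body)
{
    r->data = NULL;
    r->len = 0;
    if (body[0] != '\0')
        write_cb((char *)body, 1, strlen(body), r);
}

/* Unchecked read: strlen(NULL) after an empty response, i.e. the crash. */
size_t body_len_unchecked(const resp_t *r) { return strlen(r->data); }

/* Checked read: treat "never allocated" as an empty body. */
const char *body_or_empty(const resp_t *r) { return r->data ? r->data : ""; }
size_t body_len_checked(const resp_t *r) { return strlen(body_or_empty(r)); }

int main(void)
{
    resp_t r;
    simulate_transfer(&r, "");  /* constructed input: empty document */
    printf("empty body: data=%p len=%zu\n", (void *)r.data, body_len_checked(&r));
    simulate_transfer(&r, "<html></html>");
    printf("normal body: len=%zu\n", body_len_checked(&r));
    free(r.data);
    return 0;
}
```

`body_len_unchecked` is never called here because it dereferences NULL on the empty-document input; every consumer of the buffer should go through the checked accessor instead.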

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2024-16527
ALT-PU-2024-16638
BDU:2024-11323
CVE-2024-42328

Affected Products

Alt Linux
Astra Linux
Red Os
Zabbix