Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd
Vulnerability Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis engine. This vulnerability is fixed in 4.7.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
Wazuh 安全漏洞
Vulnerability Description
Wazuh是 Wazuh开源的一个应用软件。用于收集,汇总,索引和分析安全数据,帮助组织检测入侵,威胁和行为异常。 Wazuh 4.7.1之前版本存在安全漏洞,该漏洞源于在分析引擎模糊测试期间检测到空指针取消引用,从而允许恶意客户端对分析引擎进行拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A