Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wazuh Vulnerable to Heap Use After Free in w_copy_event_for_log
Vulnerability Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) after it has been freed. A compromised agent can potentially compromise the integrity of the application by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can leverage this issue to potentially compromise the integrity of the application (the use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere). This vulnerability is fixed in 4.11.0.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
Wazuh 资源管理错误漏洞
Vulnerability Description
Wazuh是Wazuh开源的一个应用软件。用于收集,汇总,索引和分析安全数据,帮助组织检测入侵,威胁和行为异常。 Wazuh 4.11.0之前版本存在资源管理错误漏洞,该漏洞源于w_copy_event_for_log函数引用已释放内存,可能导致应用程序完整性被破坏。
CVSS Information
N/A
Vulnerability Type
N/A