← Back to CVEs
CVE-2024-32038
CRITICAL9.8
Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/19/2024
Last Modified1/9/2025
Sourcenvd
Honeypot Sightings0
Affected Products
wazuh:wazuh
Weaknesses (CWE)
CWE-122CWE-787
References
https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327(security-advisories@github.com)
https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.