Wazuh 3.2.1

CPE Details

Wazuh 3.2.1
wazuh
wazuh
3.2.1
2021-11-26
09h46 +00:00
2021-11-26
09h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:wazuh:wazuh:3.2.1:*:*:*:*:*:*:*

Informations

Vendor

wazuh

Product

wazuh

Version

3.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-49275 2024-04-19 14h24 +00:00 Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis engine. This vulnerability is fixed in 4.7.1.
6.5
Medium
CVE-2023-42463 2024-01-12 20h55 +00:00 Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.
7.8
High
CVE-2021-41821 2021-09-29 20h59 +00:00 Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
6.5
Medium