CVE-2024-42328

Name	CVE-2024-42328
Description	When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1090029

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
zabbix (PTS)	jessie, jessie (lts)	1:2.2.23+dfsg-0+deb8u9	fixed
	stretch (security)	1:3.0.32+dfsg-0+deb9u3	fixed
	stretch (lts), stretch	1:3.0.32+dfsg-0+deb9u8	fixed
	buster (security), buster, buster (lts)	1:4.0.4+dfsg-1+deb10u5	fixed
	bullseye	1:5.0.8+dfsg-1	fixed
	bullseye (security)	1:5.0.45+dfsg-1+deb11u1	fixed
	bookworm	1:6.0.14+dfsg-1	fixed
	sid, trixie	1:7.0.6+dfsg-1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
zabbix	source	jessie	(not affected)
zabbix	source	stretch	(not affected)
zabbix	source	buster	(not affected)
zabbix	source	bullseye	(not affected)
zabbix	source	bookworm	(not affected)
zabbix	source	(unstable)	(unfixed)	1090029

Notes

[bookworm] - zabbix <not-affected> (Vulnerable code introduced later)
[bullseye] - zabbix <not-affected> (Vulnerable code introduced later)
https://support.zabbix.com/browse/ZBX-25624
webdriver introduced with commit https://github.com/zabbix/zabbix/commit/4d22c15fe4499602e0da5399e3dd6dc9da03277b (7.0.0rc1)
[buster] - zabbix <not-affected> (vulnerable feature introduced later)
[stretch] - zabbix <not-affected> (vulnerable feature introduced later)
[jessie] - zabbix <not-affected> (vulnerable feature introduced later)