CRITICAL🇵🇱 Wersja polska

CVE-2024-32038

CVSS 9.8v3.1pub. 2024-04-19upd. 2025-01-09

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2.

🤖 AI Analysis
How it works

An attacker can deliver crafted Windows Eventchannel messages containing Unicode characters that are incorrectly handled by the wazuh-analysisd component. As a result, a heap-based buffer overflow occurs (CWE-122, CWE-787) — data is written beyond the boundaries of the allocated buffer on the heap. The vulnerability is remotely accessible without requiring authentication or user interaction, making it particularly dangerous.

Impact

Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) on the Wazuh Manager server, and consequently achieve full system takeover, including violation of data confidentiality, integrity, and availability.

Mitigation & patch

Wazuh Manager should be updated to version 4.7.2, in which the vulnerability has been fixed. Detailed information is available in the official security advisory from the vendor at the address indicated in the references.

Who is affected

Wazuh Manager in versions 3.8.0 through 4.7.1 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wazuh

    APP
    Wazuh
    3.8.0 – 4.7.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-24016CRITICAL9.9⚠ KEVPL ✓ten sam produkt

Wazuh: RCE przez niebezpieczną deserializację w DistributedAPI

CVE-2026-30893CRITICAL9.0PL ✓ten sam produkt

Path Traversal w Wazuh umożliwiający RCE poprzez synchronizację klastra

CVE-2026-25769CRITICAL9.1PL ✓ten sam produkt

RCE przez Deserialization w Wazuh — podatność klastra master/worker

CVE-2026-25770CRITICAL9.1PL ✓ten sam produkt

Wazuh: privilege escalation do root przez cluster protocol (RCE)

CVE-2024-1243CRITICAL9.5PL ✓ten sam produkt

Wazuh Agent (Windows): wyciek hash NetNTLMv2 umożliwiający RCE i privilege escalation