CRITICAL🇵🇱 Wersja polska

CVE-2026-24793

CVSS 10.0v4.0pub. 2026-01-27upd. 2026-02-17

Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects azerothcore-wotlk: through v4.0.0.

🤖 AI Analysis
How it works

The error consists of copying data into a buffer without verification of input size (CWE-120) and writing beyond the boundaries of allocated memory (CWE-787). The vulnerable file is inflate.C, which is part of the zlib dependencies included in the azerothcore-wotlk project. An attacker can provide specially crafted data that causes a buffer overflow and overwrites adjacent memory areas.

Impact

Successful exploitation of the vulnerability can lead to remote code execution (RCE) on the game server or destabilization of its operation. Due to the absence of authentication and interaction requirements, the risk of complete system takeover is very high.

Mitigation & patch

Apply patches available from the vendor according to the references — the fix is available as part of pull request #21599 in the azerothcore-wotlk GitHub repository (https://github.com/azerothcore/azerothcore-wotlk/pull/21599)

Who is affected

azerothcore-wotlk in all versions up to and including v4.0.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Red
  • Azerothcore

    APP
    Azerothcore
    ≤ 4.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References