CVE-2023-29458
Duktape 2.6 bug crashes JavaScript when putting too many values in valstack.
- Severity Score: 7.5 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track (SSVC)
Descriptions
Duktape is a 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack, JavaScript will crash. This issue occurs due to a bug in Duktape 2.6, which is a 3rd-party solution that we use.
Credits: nepalihacker0x01
SSVC
- Decision: Track
Timeline
- 2023-04-06 CVE Reserved
- 2023-07-13 CVE Published
- 2024-10-22 CVE Updated
- 2025-04-15 EPSS Updated
CWE
- CWE-129: Improper Validation of Array Index
CAPEC
- CAPEC-125: Flooding
References (1)
URL | Tag | Source |
---|---|---|
https://support.zabbix.com/browse/ZBX-22989 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Zabbix | Zabbix | 5.0.34 | - | Affected |
Zabbix | Zabbix | 6.0.17 | - | Affected |
Zabbix | Zabbix | 6.4.2 | - | Affected |