The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server prior to 1.6.8 allows remote malicious users to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zabbix zabbix 1.1.2 |
||
zabbix zabbix 1.1.4 |
||
zabbix zabbix 1.4.3 |
||
zabbix zabbix |
||
zabbix zabbix 1.4.6 |
||
zabbix zabbix 1.4.4 |
||
zabbix zabbix 1.1.3 |
||
zabbix zabbix 1.6.6 |
||
zabbix zabbix 1.4.2 |
||
zabbix zabbix 1.1.5 |