Impact
There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above.
Patches
We expect to fix this issue in Wazuh Manager 4.7.2.
Workarounds
The only workaround is to prevent agents 3.8+ from reporting Eventchannel messages.
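To check where Eventchannel collection is still enabled, the following added example (not part of the advisory and not Wazuh code) lists the `<localfile>` blocks in an agent `ossec.conf` or shared `agent.conf` that use `<log_format>eventchannel</log_format>`. It assumes the workaround is applied by removing those blocks and that the file is well-formed XML. The function names and sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a Windows agent ossec.conf (not taken from the advisory).
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
    <query>Event/System[EventID != 5145]</query>
  </localfile>
  <localfile>
    <location>Application</location>
    <log_format>eventlog</log_format>
  </localfile>
</ossec_config>
<ossec_config>
  <localfile>
    <location>Microsoft-Windows-Sysmon/Operational</location>
    <log_format>eventchannel</log_format>
  </localfile>
</ossec_config>
"""

def eventchannel_sources(conf_text):
    """Return the <location> of every <localfile> collecting via eventchannel."""
    # The file may hold several top-level <ossec_config>/<agent_config> blocks,
    # so drop any XML declaration and wrap everything in one synthetic root.
    body = re.sub(r"<\?xml[^>]*\?>", "", conf_text)
    root = ET.fromstring("<wrapper>" + body + "</wrapper>")
    found = []
    for lf in root.iter("localfile"):
        # Compared after trimming and lower-casing, to err on the side of reporting.
        fmt = (lf.findtext("log_format") or "").strip().lower()
        if fmt == "eventchannel":
            found.append((lf.findtext("location") or "").strip())
    return found

def workaround_applied(conf_text):
    """True when no eventchannel collection remains in the configuration."""
    return not eventchannel_sources(conf_text)

if __name__ == "__main__":
    for loc in eventchannel_sources(SAMPLE_CONF):
        print("eventchannel source still enabled:", loc)
```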
References
ZDI-CAN-22475
Credits
Vulnerability discovered by @d0ntrash working with Trend Micro Zero Day Initiative.