CVE-2023-29458 MEDIUM

CVE-2023-29458: Duktape 2.6 bug crashes JavaScript putting too many values in valstack.

Vendor Zabbix

Product Zabbix

Weakness CWE-129

Published July 13, 2023

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

Description

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

Key dates

Disclosure timeline

July 13, 2023 CVE published

November 3, 2025 Record updated

Identifiers

CVE CVE-2023-29458

CWE CWE-129

CVSS 5.9 / MEDIUM

Affected versions

Vendor Zabbix

Product Zabbix

Affected ≥ 5,0,0 and ≤ 5.0.34

Vendor Zabbix

Product Zabbix

Affected ≥ 6,0,0 and ≤ 6.0.17

Vendor Zabbix

Product Zabbix

Affected ≥ 6.4.0 and ≤ 6.4.2

Vendor Zabbix

Product Zabbix

Affected ≥ 7.0.0alpha1 and ≤ 7.0.0alpha1