CVE-2023-32724 CRITICAL

CVE-2023-32724: JavaScript engine memory pointers are directly available for Zabbix users for modification

Vendor Zabbix

Product Zabbix

Weakness CWE-732

Published October 12, 2023

Last update November 3, 2025

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

Description

Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.

Key dates

October 12, 2023 CVE published

November 3, 2025 Record updated

CVE CVE-2023-32724

CWE CWE-732

CVSS 9.1 / CRITICAL

Vendor Zabbix

Product Zabbix

Affected ≥ 5.0.0 and ≤ 5.0.36

Vendor Zabbix

Product Zabbix

Affected ≥ 6.0.0 and ≤ 6.0.20

Vendor Zabbix

Product Zabbix

Affected ≥ 6.4.0 and ≤ 6.4.5

Vendor Zabbix

Product Zabbix

Affected ≥ 7.0.0alpha1 and ≤ 7.0.0alpha3