CVE-2023-7340 MEDIUM

CVE-2023-7340: Wazuh authd service (os_auth) Heap-based Buffer Overflow

Vendor Wazuh
Product Wazuh
Weakness CWE-125
Published March 27, 2026
Last update May 25, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon.

Key dates

02Disclosure timeline

March 27, 2026 CVE published
May 25, 2026 Record updated

Related vulnerabilities

04Related CVE