Bug 2356827 (CVE-2024-45700)

Summary: CVE-2024-45700 zabbix: DoS vulnerability due to uncontrolled resource exhaustion
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecified Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in Zabbix. This vulnerability allows an attacker to cause a denial of service via uncontrolled resource exhaustion by sending specially crafted requests that trigger excessive memory allocation and CPU-intensive decompression operations.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2356871, 2356872, 2356873, 2356874, 2356875, 2356876    
Bug Blocks:    

Description OSIDB Bzimport 2025-04-02 07:01:26 UTC
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.