CVE-2024-42326

4.4 MEDIUM

📋 TL;DR

A use-after-free vulnerability in Zabbix's browser.c es_browser_get_variant function could allow memory corruption. This affects Zabbix installations where the vulnerable component is accessible, potentially leading to crashes or code execution. Only Zabbix users with affected versions are impacted.

💻 Affected Systems

Products:
  • Zabbix
Versions: Zabbix 7.0.0 to 7.0.4
Operating Systems: All platforms running Zabbix
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Zabbix web interface component; requires access to the vulnerable function

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise of the Zabbix server

🟠 Likely Case: Application crash causing denial of service for Zabbix monitoring functionality

🟢 If Mitigated: Limited impact due to memory corruption being contained within the application

🌐 Internet-Facing: MEDIUM - Zabbix web interface is often exposed, but exploitation requires specific conditions
🏢 Internal Only: MEDIUM - Internal Zabbix deployments could be targeted by internal threats

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Use-after-free vulnerabilities typically require specific memory manipulation knowledge; authentication status unclear from available information

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Zabbix 7.0.5

Vendor Advisory: https://support.zabbix.com/browse/ZBX-25622

Restart Required: Yes

Instructions:

1. Download Zabbix 7.0.5 from the official repository.
2. Follow the Zabbix upgrade documentation for your platform.
3. Restart the Zabbix server and web interface services.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all platforms)

Limit access to the Zabbix web interface to trusted networks only.

# Configure firewall rules so only a trusted network reaches the Zabbix web ports.
# Replace <trusted_network_cidr> with your own range, e.g. a management subnet.
# The port list needs the multiport match; a bare "--dport 80,443" is rejected by iptables.
iptables -A INPUT -p tcp -m multiport --dports 80,443 -s <trusted_network_cidr> -j ACCEPT
# Drop everything else to those ports, otherwise the ACCEPT rule above restricts nothing.
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Zabbix from untrusted networks
  • Enable comprehensive logging and monitoring for unusual Zabbix process behavior

🔍 How to Verify

Check if Vulnerable:

Check Zabbix version via web interface (Administration → General → About) or command line: zabbix_server --version

Check Version:

zabbix_server --version | grep 'Zabbix'

Verify Fix Applied:

Confirm version shows 7.0.5 or higher after upgrade
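As an added example (not part of the advisory), the following POSIX shell check parses the first line of `zabbix_server --version` output and reports whether the version falls in the affected range 7.0.0 to 7.0.4; the sample banners are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: classify a Zabbix version banner against CVE-2024-42326's
# affected range (7.0.0 through 7.0.4, fixed in 7.0.5).
# Real usage: is_affected "$(zabbix_server --version | head -n1)" && echo AFFECTED

# Pull the first X.Y.Z token out of a banner such as "zabbix_server (Zabbix) 7.0.3".
zbx_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n1
}

# Exit 0 when the banner's version is 7.0.0..7.0.4, 1 otherwise (including unparseable input).
is_affected() {
    ver=$(zbx_version "$1")
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -eq 7 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 4 ]; then
        return 0
    fi
    return 1
}

# Constructed sample banners (not real output) to exercise the check.
for banner in "zabbix_server (Zabbix) 7.0.3" \
              "zabbix_server (Zabbix) 7.0.5" \
              "zabbix_server (Zabbix) 6.0.30"; do
    if is_affected "$banner"; then
        echo "AFFECTED:     $banner"
    else
        echo "not affected: $banner"
    fi
done
```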

📡 Detection & Monitoring

Log Indicators:

  • Zabbix process crashes in system logs
  • Memory access violation errors in Zabbix logs

Network Indicators:

  • Unusual requests to Zabbix web interface endpoints

SIEM Query:

source="zabbix.log" AND ("segmentation fault" OR "memory corruption" OR "use after free")
