CVE-2026-24793

9.8 CRITICAL

📋 TL;DR

This CVE describes a classic buffer overflow vulnerability in AzerothCore's Wrath of the Lich King implementation, specifically in the zlib dependency's inflate.c module. An attacker could exploit this to execute arbitrary code or cause denial of service by sending specially crafted compressed data. All users running affected AzerothCore versions are vulnerable.

💻 Affected Systems

Products:
  • azerothcore/azerothcore-wotlk
Versions: through v4.0.0
Operating Systems: All platforms running affected AzerothCore
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the bundled zlib dependency, affecting all configurations using the inflate functionality

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation

🟠 Likely Case: Denial of service through application crashes or instability

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege principles are implemented

🌐 Internet-Facing: HIGH - The vulnerability affects network-facing services that process compressed data
🏢 Internal Only: MEDIUM - Internal exploitation possible but requires network access to vulnerable service

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Buffer overflow vulnerabilities in compression libraries are frequently exploited, though no specific exploit has been confirmed for this CVE

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after v4.0.0 with the fix applied

Vendor Advisory: https://github.com/azerothcore/azerothcore-wotlk/pull/21599

Restart Required: Yes

Instructions:

1. Update to the latest AzerothCore version that includes the fix.
2. Rebuild the server from source.
3. Restart all AzerothCore services.

🔧 Temporary Workarounds

Network filtering (all platforms): Block or filter compressed data inputs to vulnerable services

Service isolation (all platforms): Run AzerothCore in isolated containers or VMs with limited privileges

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable servers
  • Deploy application firewalls to inspect and block malicious compressed data

🔍 How to Verify

Check if Vulnerable:

Check whether you are running AzerothCore version 4.0.0 or earlier, or verify the zlib dependency version in the deps/ directory

Check Version:

Check the AzerothCore version in the configuration files, or run the server with the --version flag

Verify Fix Applied:

Confirm the server is running a version after the fix was merged (check git commit history for PR #21599)
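
The two source-tree checks above (zlib version under deps/, PR #21599 in the commit history) as a script. This is an added example, not code from AzerothCore or from the advisory; the function names are hypothetical, and it assumes the commit that landed the fix mentions "#21599" in its message. The page does not name a fixed zlib version, so the version is only reported.

```shell
#!/bin/sh
# Added example: read-only checks against a local AzerothCore source checkout.
# Function names are hypothetical; nothing here comes from the AzerothCore repo.

# Print "<version> <path>" for every zlib.h under <checkout>/deps.
# ZLIB_VERSION is the version macro defined in zlib's own zlib.h.
bundled_zlib_versions() {
    find "$1/deps" -type f -name zlib.h 2>/dev/null | while IFS= read -r hdr; do
        ver=$(sed -n 's/^#define[[:space:]]*ZLIB_VERSION[[:space:]]*"\([^"]*\)".*/\1/p' "$hdr" | head -n 1)
        printf '%s %s\n' "${ver:-unknown}" "$hdr"
    done
}

# Succeed if any commit reachable from HEAD mentions "#<pr>" in its message.
# Assumption: the merge or squash commit for the fix references the PR number.
# The trailing class keeps "#21599" from matching a longer number such as "#215990".
pr_in_history() {
    git -C "$1" log --format=%B 2>/dev/null | grep -E "#$2([^0-9]|\$)" >/dev/null
}

# Report both checks; a non-zero status means the fix commit was not found.
check_checkout() {
    repo=$1
    pr=${2:-21599}
    echo "Bundled zlib headers:"
    bundled_zlib_versions "$repo"
    if pr_in_history "$repo" "$pr"; then
        echo "PR #$pr is in the history of HEAD"
    else
        echo "PR #$pr not found in the history of HEAD: treat as unpatched"
        return 1
    fi
}

# Run only when a checkout path is given: sh check.sh /path/to/azerothcore-wotlk
if [ "$#" -gt 0 ]; then
    check_checkout "$@"
fi
```

The history check covers only the commit the source tree is on; a running server built from an older checkout still needs the rebuild and restart listed under Official Fix.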

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unexpected process termination
  • Memory access violation errors

Network Indicators:

  • Unusual compressed data patterns
  • Large or malformed compressed packets

SIEM Query:

search 'segmentation fault' OR 'buffer overflow' OR 'access violation' in application logs
