CVE-2024-45700: DoS vulnerability due to uncontrolled resource exhaustion

6.0 CVSS

Description

Zabbix server is vulnerable to denial of service (DoS) through uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which cause it to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.

Classification

CVE ID: CVE-2024-45700

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.0

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem Types

CWE-770 Allocation of Resources Without Limits or Throttling

Affected Products

Vendor: Zabbix

Product: Zabbix

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-20 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-45700
https://support.zabbix.com/browse/ZBX-26253

Timeline