CVE-2026-25772

{"id": "CVE-2026-25772", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2026-03-17T19:16:01.260", "references": [{"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-h7vp-j34v-h6j5", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-121"}, {"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic allows for an integer underflow when calculating the remaining buffer size. This occurs because the code incorrectly aggregates the return value of `snprintf`. If a specific database synchronization payload exceeds the size of the query buffer (2048 bytes), the size calculation wraps around to a massive integer, effectively removing bounds checking for subsequent writes. This allows an attacker to corrupt the stack, leading to a Denial of Service (DoS) or potentially RCE. Version 4.14.3 fixes the issue."}, {"lang": "es", "value": "Wazuh es una plataforma de c\u00f3digo abierto y gratuita utilizada para la prevenci\u00f3n, detecci\u00f3n y respuesta ante amenazas. A partir de la versi\u00f3n 4.4.0 y antes de la versi\u00f3n 4.14.3, existe una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en el m\u00f3dulo de sincronizaci\u00f3n de la base de datos de Wazuh ('wdb_delta_event.c'). La l\u00f3gica de construcci\u00f3n de consultas SQL permite un desbordamiento negativo de enteros al calcular el tama\u00f1o restante del b\u00fafer. Esto ocurre porque el c\u00f3digo agrega incorrectamente el valor de retorno de `snprintf`. Si una carga \u00fatil de sincronizaci\u00f3n de base de datos espec\u00edfica excede el tama\u00f1o del b\u00fafer de consulta (2048 bytes), el c\u00e1lculo del tama\u00f1o se desborda a un entero masivo, eliminando efectivamente la verificaci\u00f3n de l\u00edmites para escrituras posteriores. Esto permite a un atacante corromper la pila, lo que lleva a una denegaci\u00f3n de servicio (DoS) o potencialmente a RCE. La versi\u00f3n 4.14.3 corrige el problema."}], "lastModified": "2026-03-19T17:15:43.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20E73DB8-7A42-4444-AF0C-9CC0AC810760", "versionEndExcluding": "4.14.3", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}