{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T03:29:39.938","vulnerabilities":[{"cve":{"id":"CVE-2026-25772","sourceIdentifier":"security-advisories@github.com","published":"2026-03-17T19:16:01.260","lastModified":"2026-03-19T17:15:43.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic allows for an integer underflow when calculating the remaining buffer size. This occurs because the code incorrectly aggregates the return value of `snprintf`. If a specific database synchronization payload exceeds the size of the query buffer (2048 bytes), the size calculation wraps around to a massive integer, effectively removing bounds checking for subsequent writes. This allows an attacker to corrupt the stack, leading to a Denial of Service (DoS) or potentially RCE. Version 4.14.3 fixes the issue."},{"lang":"es","value":"Wazuh es una plataforma de código abierto y gratuita utilizada para la prevención, detección y respuesta ante amenazas. A partir de la versión 4.4.0 y antes de la versión 4.14.3, existe una vulnerabilidad de desbordamiento de búfer basado en pila en el módulo de sincronización de la base de datos de Wazuh ('wdb_delta_event.c'). La lógica de construcción de consultas SQL permite un desbordamiento negativo de enteros al calcular el tamaño restante del búfer. Esto ocurre porque el código agrega incorrectamente el valor de retorno de `snprintf`. Si una carga útil de sincronización de base de datos específica excede el tamaño del búfer de consulta (2048 bytes), el cálculo del tamaño se desborda a un entero masivo, eliminando efectivamente la verificación de límites para escrituras posteriores. Esto permite a un atacante corromper la pila, lo que lleva a una denegación de servicio (DoS) o potencialmente a RCE. La versión 4.14.3 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-121"},{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.14.3","matchCriteriaId":"20E73DB8-7A42-4444-AF0C-9CC0AC810760"}]}]}],"references":[{"url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-h7vp-j34v-h6j5","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory","Mitigation"]}]}}]}