CNNVD-202510-3984 Information

CNNVD ID

CNNVD-202510-3984

Related CVE

CVE-2025-62785

• CNNVD Published: 2025-10-29

Description (Chinese)

Wazuh是Wazuh开源的一个应用软件。用于收集，汇总，索引和分析安全数据，帮助组织检测入侵，威胁和行为异常。 Wazuh存在代码问题漏洞，该漏洞源于fillData函数在调用os_strdup前未检查值是否为NULL，可能导致分析服务崩溃。

Description (English)

Wazuh is an application from the Wazuh Open Source. For collection, aggregation, indexing and analysis of security data to help the organization detect invasions, threats and behavioural anomalies. Wazuh has a code problem loophole, which stems from the fact that the flyData function does not check whether the value is NULL before calling Os strdup, which could lead to an analysis service crash.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Wazuh

Published

2025-10-29

Last Modified

2026-02-24

References

https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6 https://github.com/wazuh/wazuh/security/advisories/GHSA-mqpq-pcxc-8259 https://access.redhat.com/security/cve/cve-2025-62785

Patch

https://wazuh.com/