CVE-2024-42331 Information

Description

In the src/libs/zbxembed/browser.c file the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.

Reference

https://support.zabbix.com/browse/ZBX-25627