CVE-2023-32722: 
Zabbix Server vulnerability analysis and mitigation

The vulnerability identified as CVE-2023-32722 affects the zabbix/src/libs/zbxjson module, specifically causing a buffer overflow vulnerability when parsing JSON files via zbxjsonopen. The issue was discovered in September 2023 and affects multiple versions of Zabbix, including versions 6.0.0 through 6.0.20, 6.4.0 through 6.4.5, and early alpha versions of 7.0.0 (Zabbix Issue).

The vulnerability is classified as a stack-based buffer overflow, identified with CWE-787 (Out-of-bounds Write) and CWE-120 (Buffer Copy without Checking Size of Input). The severity of this vulnerability has been assessed with different CVSS scores: NIST assigned a CVSS v3.1 base score of 7.8 (High) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Zabbix assessed it at 9.6 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (NVD Database).

The vulnerability can lead to remote code execution through stack-based buffer overflows, potentially allowing attackers to execute arbitrary code on affected systems. The impact is considered critical due to the potential for high levels of compromise in confidentiality, integrity, and availability of the affected systems (Zabbix Issue).

The vulnerability has been fixed in Zabbix versions 6.0.21rc1, 6.4.6rc1, and 7.0.0alpha4. Organizations running affected versions should upgrade to these fixed versions or later releases. The fix was implemented through commits 5310e1e011dbb81397a3ab0d6586d597ff7e5599 (7.0.0alpha4) and 93c04d6260bfa599014532986c421a3a1c93b60b (6.0.21rc1) (Debian Tracker).