CVE-2023-42463: 
Wazuh Agent vulnerability analysis and mitigation

CVE-2023-42463 affects Wazuh, a free and open source platform used for threat prevention, detection, and response. The vulnerability was discovered and disclosed on January 12, 2024, affecting all versions of Wazuh prior to version 4.5.3. This security issue involves a stack overflow hazard in the Log Collector component (NVD, GitHub Advisory).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) that specifically affects the processing of the multilines log format. The issue stems from improper validation of user-supplied data, which can result in an integer underflow before writing to memory. The vulnerability has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, ZDI).

The vulnerability can lead to local privilege escalation, potentially allowing an attacker to execute arbitrary code in the context of root. This presents a significant security risk as it could enable unauthorized elevation of privileges and complete system compromise (ZDI).

The vulnerability has been patched in Wazuh version 4.5.3. For users unable to update immediately, a temporary workaround is available by either disabling multiline functionality or replacing it with multiline_regex (GitHub Advisory).