
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (CVE-2024-36468) is a stack buffer overflow discovered in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. The issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking. This vulnerability affects Zabbix versions 5.0.x before 5.0.43rc1, 6.0.x before 6.0.35rc1, 6.4.x before 6.4.20rc1, and 7.0.x before 7.0.4rc1 (Debian Tracker, CERT-FR).
The Debian Tracker records that the vulnerable code was introduced in version 7.0.0beta1 with commit 3850cd1cfea328baabafd26e56bc425ddff95eac and was fixed in version 7.0.3rc1 through merge commit c0dd17ac03c6cc5c7d830d1eee7e5b84243ea673 (Debian Tracker).
A stack buffer overflow vulnerability can potentially lead to system crashes, memory corruption, and in some cases, arbitrary code execution. However, specific impact details for this vulnerability have not been publicly disclosed in the available sources.
The vulnerability has been fixed in Zabbix versions 5.0.43rc1, 6.0.35rc1, 6.4.20rc1, and 7.0.4rc1. Users are advised to upgrade to these or later versions to mitigate the vulnerability (CERT-FR).
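The missing check described above, as an added example: this is not Zabbix's code or its actual patch. The struct names, the function name `engineid_record_fill` and the 32-byte buffer size (the SnmpEngineID maximum in RFC 3411) are assumptions; only the field names `securityEngineID` and `engineid` come from the advisory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 32 is the SnmpEngineID maximum from RFC 3411, used here as the
 * buffer size; the real size of Zabbix's engineid buffer is not on the page. */
#define ENGINEID_MAX 32

/* Hypothetical stand-in for the cache record named in the advisory. */
typedef struct {
    unsigned char engineid[ENGINEID_MAX];
    size_t        engineid_len;
} engineid_record_t;

/* Hypothetical stand-in for the session fields involved in the copy. */
typedef struct {
    const unsigned char *securityEngineID;
    size_t               securityEngineIDLen;
} session_view_t;

/* Copy the session's engine ID into the fixed-size record.
 * Returns 0 on success, -1 if the ID is missing or would not fit.
 * The length arrives with the session data, not from this code, so it is
 * treated as untrusted and compared to the destination size before copying. */
int engineid_record_fill(engineid_record_t *rec, const session_view_t *s)
{
    if (NULL == rec || NULL == s || NULL == s->securityEngineID)
        return -1;
    if (0 == s->securityEngineIDLen || s->securityEngineIDLen > sizeof(rec->engineid))
        return -1;   /* reject rather than truncate: a cut-off ID is a different ID */

    memset(rec, 0, sizeof(*rec));
    memcpy(rec->engineid, s->securityEngineID, s->securityEngineIDLen);
    rec->engineid_len = s->securityEngineIDLen;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: a 12-byte ID and an oversized 64-byte one. */
    unsigned char ok_id[12] = {0x80, 0x00, 0x1f, 0x88, 0x80, 1, 2, 3, 4, 5, 6, 7};
    unsigned char big_id[64] = {0};
    engineid_record_t rec;
    session_view_t ok = {ok_id, sizeof(ok_id)}, big = {big_id, sizeof(big_id)};
    printf("12-byte id: %d\n", engineid_record_fill(&rec, &ok));
    printf("64-byte id: %d\n", engineid_record_fill(&rec, &big));
    return 0;
}
```

Because the size check runs before the record is cleared, a rejected input leaves any previously stored engine ID untouched.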
Source: This report was generated using AI