CVE-2023-29146 – Malwarebytes Endpoint Agents – Hash collision

SUMMARY:

The utility functions used, by Malwarebytes Endpoint Agent for Linux before 1.1.64 and Malwarebytes for Windows v5 having an update package version < 1.0.106875 , for calculating a cryptographic hash of data bytes, truncate the hashed data if it exceeds 4GB. This could lead to colliding hash values for two different strings in some scenarios and detection misses.

AFFECTED VERSIONS

  • Endpoint Agent for Linux < 1.1.64
  • Malwarebytes for Windows v5 having an update package version <1.0.106875

PATCHED VERSIONS

  • Endpoint Agent for Linux >= 1.1.64
  • Malwarebytes for Windows v5 >= 5.2.6.163 | Update package version >= 1.0.106875

MITIGATION ADVICE

We recommend upgrading the affected endpoints to the patched versions.

DETAILS

CWECVS 3.xVector
CWE-190: Integer Overflow8.2 HighLocal

RECOGNITION

X41-Dsec

REFERENCES

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29146