CVE-2023-29146 – Malwarebytes Agents – Hash-conflict
SAMENVATTING:
The utility functions used, by Malwarebytes Endpoint Agent for Linux before 1.1.64 and Malwarebytes for Windows v5 having an update package version < 1.0.106875 , for calculating a cryptographic hash of data bytes, truncate the hashed data if it exceeds 4GB. This could lead to colliding hash values for two different strings in some scenarios and detection misses.
GETROFFEN VERSIES
- Endpoint Agent for Linux < 1.1.64
- Malwarebytes for Windows v5 having an update package version <1.0.106875
GEPATCHTE VERSIES
- Endpoint Agent voor Linux >= 1.1.64
- Malwarebytes Windows >= 5.2.6.163 | Versie updatepakket >= 1.0.106875
MITIGATIEADVIES
We raden aan om de getroffen endpoints te upgraden naar de gepatchte versies.
DETAILS
| CWE | CVS 3.x | Vector |
| CWE-190: Integer-overloop | 8,2 Hoog | Lokaal |