CVE-2023-7340
Heap-Buffer Overflow in Wazuh authd Causes Denial of Service
Publication date: 2026-03-27
Last updated on: 2026-03-31
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wazuh | wazuh | to 3.5.0 (inc) |
| wazuh | wazuh | 4.3.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Wazuh authd causes a denial of service condition with low availability impact but does not affect confidentiality or integrity of data.
Since there is no direct impact on confidentiality or integrity, the vulnerability itself does not directly compromise compliance with standards like GDPR or HIPAA, which primarily focus on protecting data privacy and integrity.
However, the availability impact, although low, could affect system uptime and service availability, which may indirectly influence compliance depending on the specific requirements of the regulation or organizational policies.
Can you explain this vulnerability to me?
CVE-2023-7340 is a heap buffer overflow vulnerability found in the wazuh-authd component of the Wazuh security platform. It occurs because the software improperly handles data stored on the heap, specifically reading one byte beyond a 61-byte allocated buffer during authentication data processing. This out-of-bounds read leads to memory corruption.
The vulnerability is triggered when specially crafted input is sent to the authentication daemon, causing the heap buffer overflow in the function responsible for parsing authentication data. Exploiting this flaw requires user interaction and can be done remotely over the network.
How can this vulnerability impact me? :
This vulnerability can cause memory corruption in the Wazuh authentication daemon, which may lead to a denial of service (DoS) condition. The impact is primarily on availability, potentially causing the authentication service to become unavailable or unstable.
There is no direct impact on confidentiality or integrity of data, but the low availability impact means that authentication services could be disrupted, affecting system operations that rely on Wazuh authentication.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a heap buffer overflow in the wazuh-authd component caused by out-of-bounds reads during authentication data parsing.
Detection can involve monitoring the authentication daemon for crashes or memory corruption symptoms, especially triggered by malformed input.
A technical approach includes building Wazuh with AddressSanitizer enabled (using Clang with the -fsanitize=address flag) to detect heap-buffer-overflow errors during testing.
No specific network detection commands or signatures are provided, but fuzzing input to the authentication daemon and monitoring logs or crashes can help identify exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
As of the report, no patched versions of Wazuh are available to fix this vulnerability.
Immediate mitigation steps include limiting access to the wazuh-authd service to trusted users and networks to reduce exposure.
Monitoring the authentication daemon for unusual crashes or behavior can help detect exploitation attempts early.
Consider applying runtime protections such as AddressSanitizer during testing or deploying additional network-level protections like firewalls or intrusion detection systems to block malformed inputs.