CVE-2023-29146
Deferred - Pending Action

Hash Collision Vulnerability in Malwarebytes EDR Linux Utility

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description

The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size.
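
The truncation described above, as an added example that is not Malwarebytes code: a hypothetical hash wrapper that narrows the input length next to a corrected wrapper that carries the full `size_t`. Assumptions: the length field is scaled down to 16 bits so the wrap-around reproduces with a 64 KiB pad instead of 4 GB, FNV-1a stands in for the product's cryptographic hash, and all function names are invented for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in digest (64-bit FNV-1a); the real utility uses a cryptographic hash. */
static uint64_t fnv1a(const unsigned char *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Flawed wrapper (hypothetical): the length is narrowed to 16 bits, a
 * scaled-down analogue of the 32-bit length in the CVE description.
 * Only len mod 2^16 bytes are ever hashed. */
uint64_t hash_truncating(const unsigned char *data, size_t len) {
    uint16_t n = (uint16_t)len;          /* 65536 + k wraps to k */
    return fnv1a(data, n);
}

/* Corrected wrapper: the full size_t length reaches the digest. */
uint64_t hash_full(const unsigned char *data, size_t len) {
    return fnv1a(data, len);
}

/* Returns 1 when the flawed wrapper gives one digest for two different
 * inputs while the corrected wrapper tells them apart; -1 on allocation
 * failure. */
int demo_collision(void) {
    const char *head = "benign-prefix";  /* constructed sample input */
    size_t k = strlen(head), big = k + 65536u;
    unsigned char *buf = calloc(big, 1); /* head followed by 2^16 pad bytes */
    if (!buf) return -1;
    memcpy(buf, head, k);
    int flawed_collides = hash_truncating((const unsigned char *)head, k)
                       == hash_truncating(buf, big);
    int fixed_differs = hash_full((const unsigned char *)head, k)
                     != hash_full(buf, big);
    free(buf);
    return flawed_collides && fixed_differs;
}

int main(void) {
    printf("flawed collides, fixed differs: %d\n", demo_collision());
    return 0;
}
```

The same check works as a regression test for any hashing helper: feed it an input whose size exceeds the width of every intermediate length variable and confirm the digest changes.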

Meta Information

Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-30
AI Q&A: 2026-06-09
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

Showing 3 associated CPEs

Vendor        Product         Version / Range
malwarebytes  edr             1.0.11
malwarebytes  endpoint_agent  From 1.1.64 (inc)
malwarebytes  malwarebytes    From 1.0.106875 (inc)

Exploitability

CWE
CWE ID: CWE-190
Description: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Impact Analysis

The vulnerability can lead to detection bypasses and missed malware detections because the hash collisions allow malicious data to appear identical to benign data in the hashing process. This undermines the reliability of malware detection mechanisms in affected Malwarebytes products.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade their Malwarebytes software to the patched versions.

  • Upgrade Malwarebytes Endpoint Agent for Linux to version 1.1.64 or later.
  • Upgrade Malwarebytes for Windows v5 with update package to version 1.0.106875 or higher.

Executive Summary

This vulnerability affects Malwarebytes Endpoint Agent for Linux and Malwarebytes for Windows. It involves a cryptographic hash function that truncates data exceeding 4GB, causing an integer wrap-around due to a 32-bit unsigned integer limit. As a result, attackers can create two different strings that produce the same hash value by appending 4GB of data to a smaller string, leading to hash collisions.
