CVE-2023-29146
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size.
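The length wrap-around described above, as an added example that is not Malwarebytes code and not part of the original advisory. It assumes a scaled-down model: the narrow length type is 16 bits instead of 32 so the wrap shows with a 64 KiB pad, FNV-1a stands in for the product's hash, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: the length type is scaled from 32 to 16 bits so the wrap
 * shows with a 64 KiB pad instead of 4 GB; the arithmetic is the same. */
typedef uint16_t api_len_t;
#define API_LEN_MAX UINT16_MAX
#define FNV_INIT 0xcbf29ce484222325ULL

/* FNV-1a (64-bit): a non-cryptographic stand-in for the product's hash. */
static uint64_t fnv_update(uint64_t h, const uint8_t *p, api_len_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Vulnerable pattern: the size_t length is silently narrowed (CWE-190). */
uint64_t hash_truncating(const uint8_t *p, size_t n) {
    return fnv_update(FNV_INIT, p, (api_len_t)n);
}

/* Hardened pattern: feed the narrow API in chunks so every byte counts. */
uint64_t hash_chunked(const uint8_t *p, size_t n) {
    uint64_t h = FNV_INIT;
    while (n > 0) {
        api_len_t k = n > API_LEN_MAX ? API_LEN_MAX : (api_len_t)n;
        h = fnv_update(h, p, k);
        p += k; n -= k;
    }
    return h;
}

/* Constructed sample: "hello" plus a pad of exactly 2^16 bytes.
 * Returns 1 if both inputs hash alike, 0 if not, -1 on allocation error. */
int collides(uint64_t (*hash)(const uint8_t *, size_t)) {
    size_t pad = (size_t)API_LEN_MAX + 1, n = 5 + pad;
    uint8_t *buf = calloc(n, 1);
    if (!buf) return -1;
    memcpy(buf, "hello", 5);
    buf[n - 1] = 1;                 /* pad is zero bytes ending in 0x01 */
    int same = hash(buf, 5) == hash(buf, n);
    free(buf);
    return same;
}

int main(void) {
    printf("truncating: %d, chunked: %d\n",
           collides(hash_truncating), collides(hash_chunked));
    return 0;
}
```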
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| malwarebytes | edr | 1.0.11 |
| malwarebytes | endpoint_agent | From 1.1.64 (inc) |
| malwarebytes | malwarebytes | From 1.0.106875 (inc) |
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Executive Summary

This vulnerability affects Malwarebytes Endpoint Agent for Linux and Malwarebytes for Windows. It involves a cryptographic hash function that truncates data exceeding 4GB, causing an integer wrap-around due to a 32-bit unsigned integer limit. As a result, attackers can create two different strings that produce the same hash value by appending 4GB of data to a smaller string, leading to hash collisions.

Impact Analysis

The vulnerability can lead to detection bypasses and missed malware detections because the hash collisions allow malicious data to appear identical to benign data in the hashing process. This undermines the reliability of malware detection mechanisms in affected Malwarebytes products.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade their Malwarebytes software to the patched versions.

  • Upgrade Malwarebytes Endpoint Agent for Linux to version 1.1.64 or later.
  • Upgrade Malwarebytes for Windows v5 with update package to version 1.0.106875 or higher.