{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-7340", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-27T15:51:18.381Z", "datePublished": "2026-03-27T15:52:47.751Z", "dateUpdated": "2026-03-27T19:41:30.868Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-27T19:41:30.868Z"}, "title": "Wazuh authd service (os_auth) Heap-based Buffer Overflow", "descriptions": [{"lang": "en", "value": "Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "affected": [{"vendor": "Wazuh", "product": "Wazuh", "packageName": "os_auth", "versions": [{"status": "affected", "version": "3.5.0", "versionType": "semver"}, {"status": "affected", "version": "4.3.10", "versionType": "semver"}], "defaultStatus": "unaffected", "platforms": ["Linux"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "version": "3.1", "baseSeverity": "LOW", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}}], "references": [{"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-grjq-p5fg-m24r", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/heap-buffer-overflow-in-wazuh-authd", "tags": ["third-party-advisory"]}], "credits": [{"lang": "en", "value": "Reported by @vikman90; credited to @stasos24.", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}, "impacts": [{"descriptions": [{"lang": "en", "value": "A heap-buffer overflow in wazuh-authd may cause memory corruption and malformed heap data, resulting in low availability impact."}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T16:55:39.979053Z", "id": "CVE-2023-7340", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T16:56:03.545Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-7340", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-27T15:51:18.381Z", "datePublished": "2026-03-27T15:52:47.751Z", "dateUpdated": "2026-03-27T19:41:30.868Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-27T19:41:30.868Z"}, "title": "Wazuh authd service (os_auth) Heap-based Buffer Overflow", "descriptions": [{"lang": "en", "value": "Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "affected": [{"vendor": "Wazuh", "product": "Wazuh", "packageName": "os_auth", "versions": [{"status": "affected", "version": "3.5.0", "versionType": "semver"}, {"status": "affected", "version": "4.3.10", "versionType": "semver"}], "defaultStatus": "unaffected", "platforms": ["Linux"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "version": "3.1", "baseSeverity": "LOW", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}}], "references": [{"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-grjq-p5fg-m24r", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/heap-buffer-overflow-in-wazuh-authd", "tags": ["third-party-advisory"]}], "credits": [{"lang": "en", "value": "Reported by @vikman90; credited to @stasos24.", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}, "impacts": [{"descriptions": [{"lang": "en", "value": "A heap-buffer overflow in wazuh-authd may cause memory corruption and malformed heap data, resulting in low availability impact."}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7340", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T16:55:39.979053Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T16:55:49.928Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the authentication daemon."}], "id": "CVE-2023-7340", "lastModified": "2026-03-27T16:16:20.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-27T16:16:20.427", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-grjq-p5fg-m24r"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/heap-buffer-overflow-in-wazuh-authd"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T18:22:55.307420+00:00", "value": {"mitigation_remediation": ["Upgrade Wazuh to the latest release that includes the authd buffer overflow fix, as noted in vendor advisories.", "If a patched release is not yet available, restart the wazuh-authd service periodically to recover from crashes and restore availability until a fix is issued.", "Restrict network access to the authentication daemon using firewalls or ACLs to allow only trusted IPs or ranges.", "Monitor wazuh-authd logs and system uptime to detect unexpected crashes or restarts, and alert administrators when a crash occurs."], "summary": {"action": "Patch", "impact": "Denial of Service on authentication daemon"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the wazuh-authd service in the Wazuh security platform. All versions that include the unpatched code are vulnerable until a fix is released. Users of the Wazuh platform hosting the authentication daemon should verify whether their deployment runs the affected code base and check for a patched release.", "description_and_impact": "Wazuh authd contains a heap\u2011buffer overflow that occurs when it processes specially crafted input, leading to corruption of heap memory and malformed heap data. The result is a crash or unresponsiveness of the authentication daemon, which manifests as a denial of service that interrupts authentication services. This weakness is classified as CWE\u2011125.", "risk_and_exploitability": "The CVSS score of 5.3 classifies the issue as moderate severity; EPSS data is not available, and it is not listed in the CISA KEV catalog, so the likelihood of exploitation remains uncertain. The likely attack vector is remote attackers sending malicious payloads through the authentication interface, which can trigger memory corruption and force the daemon to crash, reducing availability. Because the vulnerability does not appear to require local or privileged access, it potentially affects any system reachable over the network to the authentication service."}}}}, "created": "2026-03-27T20:28:15.013101+00:00", "updated": "2026-03-27T20:28:15.013175+00:00", "vendors": []}