
CVE-2024-36462: Zabbix DoS Vulnerability

CVE-2024-36462 is a denial-of-service flaw in Zabbix caused by uncontrolled resource consumption that allows attackers to exhaust system resources. This article covers technical details, affected versions, and mitigation.

CVE-2024-36462 Overview

CVE-2024-36462 is an uncontrolled resource consumption vulnerability affecting Zabbix monitoring software. The flaw is tracked under CWE-770 (Allocation of Resources Without Limits or Throttling). A remote, unauthenticated attacker can exploit the issue over the network to exhaust CPU, memory, or network bandwidth on the targeted Zabbix instance. Successful exploitation leads to a denial-of-service (DoS) condition that degrades or disables monitoring availability across the affected environment.

Critical Impact

Remote attackers can trigger resource exhaustion against Zabbix 7.0.0 without authentication, resulting in service unavailability for centralized infrastructure monitoring.

Affected Products

  • Zabbix 7.0.0
  • Zabbix server component (zabbix:zabbix)
  • Deployments exposing Zabbix services to untrusted networks

Discovery Timeline

  • 2024-08-12 - CVE-2024-36462 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2024-36462

Vulnerability Analysis

The vulnerability stems from improper limits on resource allocation within Zabbix. When the affected component processes incoming requests, it does not enforce sufficient throttling or quotas on the resources it consumes. An attacker who can reach the service over the network can submit requests that cause disproportionate CPU, memory, or bandwidth usage on the server.

Because the attack requires no privileges and no user interaction, exploitation is straightforward against any reachable Zabbix 7.0.0 instance. The impact is limited to availability — confidentiality and integrity are not affected — but Zabbix outages directly degrade visibility into the infrastructure it monitors, which has cascading operational impact.

Root Cause

The root cause is the absence of bounded resource allocation controls in the affected request-handling path. Without ceilings on memory allocation, request size, or concurrent processing, repeated or oversized inputs accumulate until the host can no longer service legitimate traffic. The weakness is classified under CWE-770: Allocation of Resources Without Limits or Throttling.

Attack Vector

The attack vector is network-based and requires no authentication. An attacker sends crafted requests to an exposed Zabbix 7.0.0 server endpoint to trigger excessive resource consumption. Repeated exploitation produces a sustained denial-of-service condition. Detailed reproduction information is tracked by the vendor in Zabbix Support Issue ZBX-25019.

Detection Methods for CVE-2024-36462

Indicators of Compromise

  • Sustained spikes in CPU or memory usage on the Zabbix server process without a corresponding increase in monitored hosts or items.
  • Unusually large or high-volume requests targeting Zabbix network listeners from a small number of source addresses.
  • Zabbix frontend or API timeouts and dropped agent connections during the resource spike.

Detection Strategies

  • Baseline normal Zabbix server resource utilization and alert on sustained deviations beyond expected thresholds.
  • Inspect network logs and reverse-proxy access logs for repetitive or oversized requests to Zabbix endpoints.
  • Correlate Zabbix process restarts or OOM-killer events with inbound request patterns from external sources.
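The second strategy above, inspecting reverse-proxy access logs for repetitive or oversized requests to Zabbix endpoints, as an added worked example that is not from this page or from Zabbix. It assumes an nginx access log in the standard "combined" format with `$request_length` appended as a trailing field, treats `/api_jsonrpc.php`, `/zabbix.php` and `/index.php` as the frontend/API paths of interest, and uses constructed sample log lines; the thresholds (100 requests per 60 s per source, 1 MB per request) are illustrative and should be tuned to your baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
# Assumed log format: nginx 'combined' with $request_length appended.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*" (?P<req_len>\d+)$')
ZABBIX_PREFIXES = ("/api_jsonrpc.php", "/zabbix.php", "/index.php")  # frontend/API paths

def parse(line):
    """Fields needed from one access-log line, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"src": m["src"], "path": m["path"], "req_len": int(m["req_len"]),
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def find_offenders(lines, window_s=60, max_requests=100, max_req_len=1_000_000):
    """Map source -> sorted reasons: 'rate' (> max_requests to Zabbix paths in any
    window_s-second sliding window) and/or 'oversized' (one body > max_req_len)."""
    stamps, reasons = defaultdict(list), defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None or not rec["path"].startswith(ZABBIX_PREFIXES):
            continue  # skip malformed lines and non-Zabbix paths
        if rec["req_len"] > max_req_len:
            reasons[rec["src"]].add("oversized")
        stamps[rec["src"]].append(rec["ts"])
    for src, times in stamps.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[lo]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 > max_requests:
                reasons[src].add("rate")
                break
    return {src: sorted(r) for src, r in reasons.items()}

def make_line(src, ts, path, req_len):
    """Constructed sample log line in the assumed format (test data only)."""
    return (f'{src} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] '
            f'"POST {path} HTTP/1.1" 200 512 "-" "curl/8.0" {req_len}')
# Constructed sample: a 150-request burst in 30 s, one 5 MB body, normal
# operator traffic, and a malformed line that must be skipped.
_T0 = datetime(2024, 8, 12, 10, 0, tzinfo=timezone.utc)
SAMPLE_LINES = (
    [make_line("203.0.113.7", _T0 + timedelta(seconds=i // 5), "/api_jsonrpc.php", 300)
     for i in range(150)]
    + [make_line("198.51.100.5", _T0, "/api_jsonrpc.php", 5_000_000)]
    + [make_line("192.0.2.10", _T0 + timedelta(seconds=10 * i), "/zabbix.php", 800)
       for i in range(6)]
    + ["not an access log line"])
print(find_offenders(SAMPLE_LINES))  # {'198.51.100.5': ['oversized'], '203.0.113.7': ['rate']}
```

Feed real log lines (for example `find_offenders(open("/var/log/nginx/access.log"))`) and raise an alert for any source returned; a source flagged for rate from outside the management network is the pattern the IoC list above describes.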

Monitoring Recommendations

  • Forward Zabbix server logs, OS resource metrics, and network telemetry to a centralized analytics platform for correlation.
  • Monitor for sudden loss of agent check-ins, which can indicate the server is saturated rather than the agents being offline.
  • Track upstream firewall and load-balancer counters for abnormal connection rates to Zabbix listener ports.

How to Mitigate CVE-2024-36462

Immediate Actions Required

  • Restrict network exposure of Zabbix 7.0.0 servers so only trusted management networks can reach the service.
  • Apply the vendor-supplied fix tracked in Zabbix Support Issue ZBX-25019 as soon as it is available for your deployment.
  • Place Zabbix behind a reverse proxy or WAF capable of enforcing request rate limits and size caps.

Patch Information

Zabbix tracks remediation for this issue under ZBX-25019. Administrators running Zabbix 7.0.0 should upgrade to the fixed release identified in that ticket and validate that monitoring functions normally after the upgrade.

Workarounds

  • Enforce per-source connection and request-rate limits at the network edge in front of Zabbix.
  • Apply OS-level resource limits (for example, cgroups memory and CPU caps) to the Zabbix server process to contain runaway consumption.
  • Restrict access to Zabbix listener ports via firewall rules so only known agents, proxies, and operators can connect.

```bash
# Configuration example: restrict Zabbix server access with iptables
# 10.0.0.0/8 is a placeholder for the network your agents, proxies and
# operators connect from; rule order matters, so the ACCEPT precedes the DROP.
iptables -A INPUT -p tcp --dport 10051 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 10051 -j DROP
```

```ini
# Example cgroup limits for the Zabbix server process (systemd unit override)
# /etc/systemd/system/zabbix-server.service.d/limits.conf
# Run "systemctl daemon-reload" and restart zabbix-server after creating it.
[Service]
MemoryMax=4G
CPUQuota=200%
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
