CVE-2023-29146
Published: 09 June 2026
Summary
CVE-2023-29146 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Malwarebytes EDR (inferred from references). Its CVSS base score is 8.2 (High).
Operationally, ranked at the 2.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
No EU or UK CSIRT advisories indexed for this CVE.
Vulnerability details
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum…
more
unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.