PatchSiren cyber security CVE debrief
CVE-2023-29146 Malwarebytes CVE debrief
CVE-2023-29146 is a vulnerability in Malwarebytes EDR 1.0.11 on Linux. The utility functions that calculate a cryptographic hash of data bytes truncate the hashed data when it exceeds 4GB: the length wraps around when the data is larger than the maximum 32-bit unsigned integer value. An attacker could therefore create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size. The CVSS score for this vulnerability is 8.2, which is HIGH severity.
- Vendor: Malwarebytes
- Product: Malwarebytes EDR
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Users of Malwarebytes EDR 1.0.11 on Linux should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by the truncation of hashed data if it exceeds 4GB, leading to an integer wrap-around. This allows attackers to create colliding hash values.
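The bug class described above, as an added example that is not Malwarebytes code. It assumes a digest primitive whose length parameter is 32 bits wide; `digest_update`, `hash_vuln`, `hash_chunked` and `hashed_len_vuln` are hypothetical names, and FNV-1a stands in for the real cryptographic hash.

```c
/* Added illustration of 64-bit to 32-bit length narrowing in a hash
 * wrapper. Hypothetical names throughout; not the vendor's code. */
#include <stdint.h>
#include <stdio.h>

/* Stand-in digest primitive (FNV-1a, NOT cryptographic). Its 32-bit
 * length parameter is an assumption made for this example. */
#define DIGEST_INIT 0xcbf29ce484222325ULL
static uint64_t digest_update(uint64_t h, const uint8_t *p, uint32_t n) {
    for (uint32_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Bytes the flawed wrapper really hashes: len modulo 2^32. */
uint32_t hashed_len_vuln(uint64_t len) { return (uint32_t)len; }

/* Flawed wrapper: the 64-bit length is silently narrowed, so an input
 * of len bytes and one of len + 4 GiB bytes with the same prefix
 * produce the same digest. */
uint64_t hash_vuln(const uint8_t *p, uint64_t len) {
    return digest_update(DIGEST_INIT, p, hashed_len_vuln(len));
}

/* Hardened wrapper: every byte is fed, in chunks the primitive can
 * accept. max_chunk == 0 selects the largest chunk (UINT32_MAX). */
uint64_t hash_chunked(const uint8_t *p, uint64_t len, uint32_t max_chunk) {
    uint64_t h = DIGEST_INIT;
    if (max_chunk == 0) max_chunk = UINT32_MAX;
    while (len > 0) {
        uint32_t n = len > max_chunk ? max_chunk : (uint32_t)len;
        h = digest_update(h, p, n);
        p += n;
        len -= n;
    }
    return h;
}

int main(void) {
    uint64_t claimed = (1ULL << 32) + 5;  /* constructed length: 4 GiB + 5 */
    printf("input of %llu bytes, bytes hashed by flawed wrapper: %u\n",
           (unsigned long long)claimed, (unsigned)hashed_len_vuln(claimed));
    return 0;
}
```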
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by Malwarebytes to fix the vulnerability.
- Use alternative hash functions that do not have this limitation.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4].
Official resources
- CVE-2023-29146 CVE record (CVE.org)
- CVE-2023-29146 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2023-29146 was published on 2026-06-09T19:16:41.760Z and modified on 2026-06-09T20:16:29.207Z.