Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment (SCA) decoder ("wazuh-analysisd"). The use of "sprintf" with a floating-point ("%lf") format specifier on a fixed-size 128-byte buffer allows a remote attacker to overflow the stack. A specially crafted JSON event can trigger this overflow, leading to a denial of service (crash) or potential RCE on the Wazuh manager. The vulnerability is located in "/src/analysisd/decoders/security_configuration_assessment.c", within the "FillScanInfo" and "FillCheckEventInfo" functions. In multiple locations, a 128-byte buffer ("char value[OS_SIZE_128];") is allocated on the stack to hold the string representation of a number from a JSON event. The code checks if the number is an integer or a double. If it's a double, it uses "sprintf(value, "%lf", ...)" to perform the conversion. This "sprintf" call is unbounded. If a floating-point number with a large exponent (e.g., "1.0e150") is provided, "sprintf" will attempt to write its full string representation (a "1" followed by 150 zeros), which is larger than the 128-byte buffer, corrupting the stack. Version 4.14.3 patches the issue.