CVE-2019-6250: Integer Overflow or Wraparound in Libzmq

Severity: 8.8 HIGH (NVD)
EPSS: 28.6% (top 3.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 13 | Latest update May 14

Description

A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not ne

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: zeromq/libzmq 4.3.0 4.3.1 +1
debian: debian/zeromq3 < zeromq3 4.3.1-1 (bookworm)

Also affects: Debian Linux 9.0

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-383h-xx34-hq84: A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4 | 2022-05-14
OSV: CVE-2019-6250: A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4 | 2019-01-13

📋 Vendor Advisories (2)

Red Hat: zeromq: Integer overflow in zmq::v2_decoder_t::size_ready | 2019-01-08
Debian: CVE-2019-6250: zeromq3 - A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0M... | 2019

📄 Research Papers (1)

arXiv: Attack of the Clones: Measuring the Maintainability, Originality and Security of Bitcoin 'Forks' in the Wild | 2022-01-21

💬 Community (3)

Bugzilla: CVE-2019-6250 zeromq: Integer overflow in zmq::v2_decoder_t::size_ready [epel-all] | 2019-01-14
Bugzilla: CVE-2019-6250 zeromq: Integer overflow in zmq::v2_decoder_t::size_ready [fedora-all] | 2019-01-14
Bugzilla: CVE-2019-6250 zeromq: Integer overflow in zmq::v2_decoder_t::size_ready | 2019-01-14