CVE-2019-6991
Published 2019-01-28
Priority: P259, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.31% (87.0th percentile)
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zoneminder | < zoneminder 1.32.3-2 (bookworm) | zoneminder 1.32.3-2 (bookworm) |
| zoneminder | zoneminder | <= 1.32.3 | — |
| zoneminder | zoneminder | >= 0 < 1.32.3-2 | 1.32.3-2 |
| zoneminder | zoneminder | >= 0 < 1.32.3-2 | 1.32.3-2 |
| zoneminder | zoneminder | >= 0 < 1.32.3-2 | 1.32.3-2 |
| zoneminder | zoneminder | >= 0 < 1.32.3-2 | 1.32.3-2 |
| zoneminder | zoneminder | >= 0 < 1.29.0+dfsg-1ubuntu2+esm1 | 1.29.0+dfsg-1ubuntu2+esm1 |
| zoneminder | zoneminder | >= 0 < 1.32.3-2ubuntu2+esm1 | 1.32.3-2ubuntu2+esm1 |
| zoneminder | zoneminder | >= 0 < 1.36.12+dfsg1-1ubuntu0.1~esm1 | 1.36.12+dfsg1-1ubuntu0.1~esm1 |
Detection & IOCs
- Vulnerability is triggered via a long username string passed to the zmLoadUser() function in zm_user.cpp of the zmu binary; monitor for abnormally long username inputs to ZoneMinder's zmu binary.
- Target function is zmLoadUser() in zm_user.cpp within the zmu binary of ZoneMinder; focus code/binary analysis and runtime monitoring on this specific function and binary.
- Affected versions are ZoneMinder through 1.32.3; Debian packages fixed in version 1.32.3-2 across bookworm, bullseye, forky, sid, and trixie.
- The vulnerability is exploitable by unauthenticated attackers, meaning no credentials are required to trigger the stack-based buffer overflow.
CVSS provenance
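| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 6.1 | MEDIUM | |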
OSV
zoneminder vulnerabilities
osv·2023-02-27·CVSS 6.1
CVE-2019-6777 [MEDIUM] zoneminder vulnerabilities
zoneminder vulnerabilities
It was discovered that ZoneMinder was not properly sanitizing URL
parameters for certain views. An attacker could possibly use this issue to
perform a cross-site scripting (XSS) attack. This issue was only fixed in
Ubuntu 16.04 ESM. (CVE-2019-6777)
It was discovered that ZoneMinder was not properly sanitizing stored user
input later printed to the user in certain views. An attacker could
possibly use this issue to perform a cross-site scripting (XSS) attack.
This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6990,
CVE-2019-6992)
It was discovered that ZoneMinder was not properly limiting data size and
not properly performing bound checks when processing username and password
data, which could lead to a stack buffer overflow. An attacker could
possibly us
GHSA
GHSA-j63x-h9vw-pgh3: A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user
ghsa_unreviewed·2022-05-13
CVE-2019-6991 [CRITICAL] CWE-787 GHSA-j63x-h9vw-pgh3: A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.
OSV
CVE-2019-6991: A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user
osv·2019-01-28·CVSS 9.8
CVE-2019-6991 [CRITICAL] CVE-2019-6991: A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.
Ubuntu
ZoneMinder vulnerabilities
vendor_ubuntu·2023-02-27·CVSS 6.1
CVE-2019-7332 [MEDIUM] ZoneMinder vulnerabilities
Title: ZoneMinder vulnerabilities
Summary: Several security issues were fixed in ZoneMinder.
It was discovered that ZoneMinder was not properly sanitizing URL
parameters for certain views. An attacker could possibly use this issue to
perform a cross-site scripting (XSS) attack. This issue was only fixed in
Ubuntu 16.04 ESM. (CVE-2019-6777)
It was discovered that ZoneMinder was not properly sanitizing stored user
input later printed to the user in certain views. An attacker could
possibly use this issue to perform a cross-site scripting (XSS) attack.
This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6990,
CVE-2019-6992)
It was discovered that ZoneMinder was not properly limiting data size and
not properly performing bound checks when processing username and password
data, which c
Debian
CVE-2019-6991: zoneminder - A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_...
vendor_debian·2019·CVSS 9.8
CVE-2019-6991 [CRITICAL] CVE-2019-6991: zoneminder - A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_...
A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.
Scope: local
bookworm: resolved (fixed in 1.32.3-2)
bullseye: resolved (fixed in 1.32.3-2)
forky: resolved (fixed in 1.32.3-2)
sid: resolved (fixed in 1.32.3-2)
trixie: resolved (fixed in 1.32.3-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-01-28