CVE-2020-36400Out-of-bounds Write in Libzmq

CWE-787Out-of-bounds Write4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 32.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zeromq LibzmqDebian Zeromq3
Timeline
PublishedJul 1
Latest updateMay 24

Description

ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDzeromq/libzmq4.3.3

Patches

Patch: bugs.chromium.orgPatch: github.comPatch: bugs.chromium.org

🔴Vulnerability Details

1
GHSA
GHSA-fw28-qj4f-2jpx: ZeroMQ libzmq 42022-05-24

📋Vendor Advisories

2
Red Hat
zeromq: heap-based buffer overflow in zmq::tcp_read2021-07-01
Debian
CVE-2020-36400: zeromq3 - ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a differe...2020