CVE-2021-20234
Published 2021-04-01
CVE-2021-20234: An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client…
Priority: P427 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.07% (60.7th percentile)
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zeromq3 | < zeromq3 4.3.3-1 (bookworm) | zeromq3 4.3.3-1 (bookworm) |
| zeromq | libzmq | < 4.3.3 | 4.3.3 |
CVSS provenance
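| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |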
Ubuntu
ZeroMQ vulnerabilities
vendor_ubuntu·2022-06-15·CVSS 9.8
CVE-2020-15166 [CRITICAL] ZeroMQ vulnerabilities
Title: ZeroMQ vulnerabilities
Summary: Several security issues were fixed in ZeroMQ.
It was discovered that ZeroMQ incorrectly handled certain application
metadata. A remote attacker could use this issue to cause ZeroMQ to crash,
or possibly execute arbitrary code. (CVE-2019-13132)
It was discovered that ZeroMQ mishandled certain network traffic. An
unauthenticated attacker could use this vulnerability to cause a
denial-of-service and prevent legitimate clients from communicating with
ZeroMQ. (CVE-2020-15166)
It was discovered that ZeroMQ did not properly manage memory under certain
circumstances. If a user or automated system were tricked into connecting
to one or multiple compromised servers, a remote attacker could use this
issue to cause a denial of service. (CVE-2021-20234)
It w
Debian
CVE-2021-20234: zeromq3 - An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ ...
vendor_debian·2021·CVSS 6.5
CVE-2021-20234 [MEDIUM] CVE-2021-20234: zeromq3 - An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ ...
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.
Scope: local
bookworm: resolved (fixed in 4.3.3-1)
bullseye: resolved (fixed in 4.3.3-1)
forky: resolved (fixed in 4.3.3-1)
sid: resolved (fixed in 4.3.3-1)
trixie: resolved (fixed in 4.3.3-1)
Red Hat
zeromq: Memory leak in client induced by malicious server without CURVE/ZAP
vendor_redhat·2020-09-07·CVSS 6.5
CVE-2021-20234 [MEDIUM] CWE-400 zeromq: Memory leak in client induced by malicious server without CURVE/ZAP
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.
Package: zeromq3 (Red Hat Ceph Storage 2) - Out of support scope
OSV
zeromq3 vulnerabilities
osv·2022-06-15·CVSS 9.8
CVE-2019-13132 [CRITICAL] zeromq3 vulnerabilities
It was discovered that ZeroMQ incorrectly handled certain application
metadata. A remote attacker could use this issue to cause ZeroMQ to crash,
or possibly execute arbitrary code. (CVE-2019-13132)
It was discovered that ZeroMQ mishandled certain network traffic. An
unauthenticated attacker could use this vulnerability to cause a
denial-of-service and prevent legitimate clients from communicating with
ZeroMQ. (CVE-2020-15166)
It was discovered that ZeroMQ did not properly manage memory under certain
circumstances. If a user or automated system were tricked into connecting
to one or multiple compromised servers, a remote attacker could use this
issue to cause a denial of service. (CVE-2021-20234)
It was discovered that ZeroMQ incorrectly handled memory when proc
GHSA
GHSA-47vr-832f-crm9: An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4
ghsa_unreviewed·2022-05-24
CVE-2021-20234 [MEDIUM] CWE-400 GHSA-47vr-832f-crm9: An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.
OSV
CVE-2021-20234: An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4
osv·2021-04-01·CVSS 6.5
CVE-2021-20234 [MEDIUM] CVE-2021-20234: An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-04-01