CVE-2021-20235
Published 2021-04-01
Priority: P268 (high) · CVSS 3.1 base score 8.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 43.86% (98.6th percentile)
There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its size changed, but the buffer would remain the same size, as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zeromq3 | < zeromq3 4.3.3-1 (bookworm) | zeromq3 4.3.3-1 (bookworm) |
| debian | zeromq3 | — | — |
| zeromq | libzmq | — | — |
| zeromq | libzmq | >= 4.2.0 < 4.3.3 | 4.3.3 |
Detection & IOCs (extracted from sources)
- Vulnerable code is located in src/decoder_allocators.hpp; the decoder static allocator buffer overflow write occurs in this file, so patch presence/absence in this file can confirm exposure.
- The vulnerability is triggered by malformed ZMTP v1 packets sent to the ZeroMQ server; monitor for anomalous/malformed ZMTP v1 traffic on ZeroMQ listener ports.
- Exploitation requires CURVE/ZAP authentication to be DISABLED; audit ZeroMQ deployments for missing authentication configuration as a risk prioritization signal.
- The attacker is remote and unauthenticated, with no prior session or credentials needed; any exposed ZeroMQ port without CURVE/ZAP is an attack surface.
- The vulnerability only affects zeromq versions before 4.3.3; fixed in version 4.3.3-1 on Debian-based systems. Verify the installed version to confirm exposure.
- On Ubuntu, this issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM; other Ubuntu releases are not impacted.
- Red Hat Enterprise Linux and Red Hat Ceph Storage are stated as not affected (for the related CVE-2020-36400); zeromq3 in Red Hat Ceph Storage 2 is out of support scope for CVE-2021-20235.
- CVE-2021-20235 and CVE-2020-36400 are distinct vulnerabilities both involving the static allocator/tcp_read path in ZeroMQ; do not conflate detections for the two.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | LOW | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
Ubuntu: ZeroMQ vulnerabilities
vendor_ubuntu · 2022-06-15 · CVSS 9.8 · CVE-2020-15166 [CRITICAL]
Summary: Several security issues were fixed in ZeroMQ.
It was discovered that ZeroMQ incorrectly handled certain application metadata. A remote attacker could use this issue to cause ZeroMQ to crash, or possibly execute arbitrary code. (CVE-2019-13132)

It was discovered that ZeroMQ mishandled certain network traffic. An unauthenticated attacker could use this vulnerability to cause a denial-of-service and prevent legitimate clients from communicating with ZeroMQ. (CVE-2020-15166)

It was discovered that ZeroMQ did not properly manage memory under certain circumstances. If a user or automated system were tricked into connecting to one or multiple compromised servers, a remote attacker could use this issue to cause a denial of service. (CVE-2021-20234)
Red Hat: zeromq: heap-based buffer overflow in zmq::tcp_read
vendor_redhat · 2021-07-01 · CVSS 9.8 · CVE-2020-36400 [CRITICAL] · CWE-787
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.
A flaw has been identified in zeromq. A heap-based buffer overflow is possible in zmq::tcp_read by resizing a fixed static allocator. The highest threat from this vulnerability is to system availability.
Statement: Red Hat Enterprise Linux and Red Hat Ceph Storage are not affected by this flaw as they do not ship the vulnerable code.
Package: zeromq3 (Red Hat Ceph Storage 2) - Not affected
Debian: CVE-2021-20235: zeromq3
vendor_debian · 2021 · CVSS 8.1 · CVE-2021-20235 [HIGH]
Scope: local
bookworm: resolved (fixed in 4.3.3-1)
bullseye: resolved (fixed in 4.3.3-1)
forky: resolved (fixed in 4.3.3-1)
sid: resolved (fixed in 4.3.3-1)
trixie: resolved (fixed in 4.3.3-1)
Red Hat: zeromq: Heap overflow when receiving malformed ZMTP v1 packets
vendor_redhat · 2020-09-07 · CVSS 8.1 · CVE-2021-20235 [HIGH] · CWE-120
Debian: CVE-2020-36400: zeromq3
vendor_debian · 2020 · CVSS 9.8 · CVE-2020-36400 [CRITICAL]
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
OSV: zeromq3 vulnerabilities
osv · 2022-06-15 · CVSS 9.8 · CVE-2019-13132 [CRITICAL]
It was discovered that ZeroMQ incorrectly handled memory when proc
GHSA: GHSA-hrfc-mjc4-cv8f
ghsa_unreviewed · 2022-05-24 · CVE-2021-20235 [HIGH] · CWE-120
GHSA: GHSA-fw28-qj4f-2jpx
ghsa_unreviewed · 2022-05-24 · CVSS 8.1 · CVE-2020-36400 [HIGH] · CWE-787
OSV: CVE-2021-20235
osv · 2021-04-01 · CVSS 8.1 · CVE-2021-20235 [HIGH]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.