CVE-2021-20235 — Classic Buffer Overflow in Libzmq

CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write11 documents6 sources

Severity

9.8CRITICALNVD

NVD8.1OSV8.1

EPSS

9.7%

top 7.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zeromq Libzmq Debian Zeromq3

Timeline

PublishedApr 1

Latest updateJun 15

Description

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDzeromq/libzmq4.2.0 — 4.3.3+1

▶debiandebian/zeromq3< zeromq3 4.3.3-1 (bookworm)+1

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

zeromq3 vulnerabilities↗2022-06-15

▶

GHSA

GHSA-hrfc-mjc4-cv8f: There's a flaw in the zeromq server in versions before 4↗2022-05-24

▶

GHSA

GHSA-fw28-qj4f-2jpx: ZeroMQ libzmq 4↗2022-05-24

▶

OSV

CVE-2021-20235: There's a flaw in the zeromq server in versions before 4↗2021-04-01

▶

📋Vendor Advisories

Ubuntu

ZeroMQ vulnerabilities↗2022-06-15

▶

Red Hat

zeromq: heap-based buffer overflow in zmq::tcp_read↗2021-07-01

▶

Debian

CVE-2021-20235: zeromq3 - There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allo...↗2021

▶

Red Hat

zeromq: Heap overflow when receiving malformed ZMTP v1 packets↗2020-09-07

▶

Debian

CVE-2020-36400: zeromq3 - ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a differe...↗2020

▶