Buffer Overflow Vulnerability in ZeroMQ Library by iMatix Corporation
CVE-2019-13132

9.8CRITICAL

Key Information:

Vendor

ZeroMQ

Status
LibzMQ
Vendor
CVE Published:
10 July 2019

What is CVE-2019-13132?

In earlier versions of the ZeroMQ library (libzmq), a significant vulnerability exists that allows a remote and unauthenticated client to connect and potentially cause a stack overflow. This vulnerability arises from improper handling of buffers, leading to arbitrary data being written to the stack. Systems running public servers with CURVE encryption and authentication enabled should prioritize immediate upgrades as there are currently no available mitigations.

References

http://www.openwall.com/lists/oss-security/2019/07/08/6
mailing-list
https://lists.debian.org/debian-lts-announce/2019/07/msg0...
mailing-list
https://usn.ubuntu.com/4050-1/
vendor-advisory

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.