Stack-based Buffer Overflow in ZoneMinder Affects Unauthenticated Users
CVE-2019-6991

9.8CRITICAL

Key Information:

Vendor: Zoneminder
Status: Zoneminder
Vendor: CVE Published:; 3 October 2022

What is CVE-2019-6991?

A stack-based buffer overflow vulnerability exists in the zmLoadUser() function within zm_user.cpp of the zmu binary in ZoneMinder. This issue, present in versions up to 1.32.3, allows unauthenticated attackers to exploit the vulnerability by providing excessively long usernames, potentially leading to arbitrary code execution. Administrators are advised to implement necessary updates and mitigate risks to maintain system integrity.

References

https://github.com/ZoneMinder/zoneminder/pull/2482

x_refsource_MISC

https://github.com/ZoneMinder/zoneminder/issues/2478

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022

Zoneminder

What is CVE-2019-6991?

References

CVSS V3.1

Timeline