Buffer Overflow Vulnerability in ZeroMQ Server Affects Multiple Versions by Affects
CVE-2021-20236

9.8CRITICAL

Key Information:

Vendor: ZeroMQ
Status: ZeroMQ
Vendor: CVE Published:; 28 May 2021

What is CVE-2021-20236?

A critical flaw exists in the ZeroMQ server prior to version 4.3.3, allowing a malicious client to exploit stack buffer overflow vulnerabilities. By sending specially crafted topic subscription requests and subsequently unsubscribing, the attacker can compromise server stability. This vulnerability endangers the confidentiality and integrity of system data while potentially disrupting service availability. Immediate attention is advised to mitigate associated risks.

Affected Version(s)

zeromq zeromq 4.3.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=1921976

x_refsource_MISC

https://github.com/zeromq/libzmq/security/advisories/GHSA...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2021
Vulnerability Reserved
Dec 17, 2020

CVE-2021-20236 Data

JSON