Uncontrolled Resource Consumption Vulnerability in ZeroMQ by iMatix
CVE-2021-20237

7.5 HIGH

Key Information:

Vendor

ZeroMQ

Status
Vendor
CVE Published:
28 May 2021

What is CVE-2021-20237?

An uncontrolled resource consumption vulnerability has been identified in the ZeroMQ networking library, specifically in its handling of PUB messages when CURVE/ZAP authentication is disabled. A remote, unauthenticated attacker can exploit the flaw by sending specially crafted messages, causing excessive memory consumption. This can disrupt service availability and threatens the stability of applications that rely on ZeroMQ for messaging. Users of affected versions should apply the necessary updates to mitigate this risk.

Affected Version(s)

zeromq zeromq 4.3.3

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
