CVE-2021-20236

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20236

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20236.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20236

Downstream

DEBIAN-CVE-2021-20236

UBUNTU-CVE-2021-20236

Related

GHSA-qq65-x72m-9wr8

Published

2021-05-28T11:15:07Z

Modified

2025-08-09T19:01:27Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1921976
https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8

CVE-2021-20236

Affected packages