CVE-2021-20236

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20236

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20236.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20236

Related

GHSA-qq65-x72m-9wr8
UBUNTU-CVE-2021-20236

Published

2021-05-28T11:15:07Z

Modified

2024-11-21T05:46:11Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

Affected packages

Debian:11 / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/debian/zeromq3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/debian/zeromq3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/debian/zeromq3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}