CVE-2021-20236

Source
https://cve.org/CVERecord?id=CVE-2021-20236
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20236.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20236
Aliases
  • GHSA-qq65-x72m-9wr8
Downstream
Published
2021-05-28T11:15:07.933Z
Modified
2026-07-18T03:41:41.882218068Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:zeromq:zeromq:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "zeromq:zeromq",
            "extracted_events": [
                {
                    "fixed": "4.3.3"
                }
            ],
            "source": "CPE_RANGE"
        },
        {
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "33"
                },
                {
                    "last_affected": "33"
                }
            ],
            "vendor_product": "fedoraproject:fedora",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "2.0"
                },
                {
                    "last_affected": "2.0"
                }
            ],
            "vendor_product": "redhat:ceph_storage",
            "source": "CPE_STRING"
        },
        {
            "cpes": [
                "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "7.0"
                },
                {
                    "last_affected": "7.0"
                }
            ],
            "vendor_product": "redhat:enterprise_linux",
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/zeromq/libzmq

Affected ranges

Type
GIT
Repo
https://github.com/zeromq/libzmq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.3.3"
        }
    ],
    "source": "DESCRIPTION"
}

Affected versions

v3.*
v3.1.0
v4.*
v4.2.0
v4.2.0-rc1
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.3.0
v4.3.1
v4.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20236.json"