JLSEC-2026-516

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-516.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-516.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-516

Upstream

CVE-2021-20236

Published

2026-05-20T04:02:19.667Z

Modified

2026-05-20T04:15:03.557990351Z

Summary

[none]

Details

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Database specific

{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20236",
            "database_specific": {
                "status": "Modified"
            },
            "id": "CVE-2021-20236",
            "imported": "2026-05-20T01:02:02.081Z",
            "modified": "2024-11-21T05:46:11.350Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-20236",
            "published": "2021-05-28T11:15:07.933Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / ZeroMQ_jll

Package

Name: ZeroMQ_jll
Purl: pkg:julia/ZeroMQ_jll?uuid=8f1865be-045e-5c20-9c9f-bfbfb0764568

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.4+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-516.json"