UBUNTU-CVE-2021-20236

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-20236

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-20236.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-20236

Related

CVE-2021-20236

Published

2021-05-28T11:15:00Z

Modified

2025-01-13T10:22:28Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

Affected packages

Ubuntu:Pro:14.04:LTS / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/ubuntu/zeromq3@4.0.4+dfsg-2ubuntu0.1+esm3?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.3+dfsg-2

3.2.4+dfsg-1

3.2.4+dfsg-2

3.2.4+dfsg-3

3.2.4+dfsg-4

4.*

4.0.3+dfsg-1

4.0.4+dfsg-2

4.0.4+dfsg-2ubuntu0.1

4.0.4+dfsg-2ubuntu0.1+esm1

4.0.4+dfsg-2ubuntu0.1+esm2

4.0.4+dfsg-2ubuntu0.1+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/ubuntu/zeromq3@4.1.4-7ubuntu0.1+esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.5+dfsg-3ubuntu1~gcc5.1

4.0.5+dfsg-3ubuntu2

4.1.4-7

4.1.4-7ubuntu0.1

4.1.4-7ubuntu0.1+esm1

4.1.4-7ubuntu0.1+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/ubuntu/zeromq3@4.2.5-1ubuntu0.2+esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.1-4ubuntu1

4.2.2-1ubuntu2

4.2.3-1

4.2.3-1build1

4.2.5-1

4.2.5-1ubuntu0.1

4.2.5-1ubuntu0.2

4.2.5-1ubuntu0.2+esm1

4.2.5-1ubuntu0.2+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/ubuntu/zeromq3@4.3.2-2ubuntu1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.2-1

4.3.2-2

4.3.2-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/ubuntu/zeromq3@4.3.4-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.4-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.3.4-1",
            "binary_name": "libzmq3-dev"
        },
        {
            "binary_version": "4.3.4-1",
            "binary_name": "libzmq5"
        },
        {
            "binary_version": "4.3.4-1",
            "binary_name": "libzmq5-dbgsym"
        }
    ]
}