UBUNTU-CVE-2021-20237

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.

References

Affected packages

Ubuntu:Pro:18.04:LTS / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/ubuntu/zeromq3@4.2.5-1ubuntu0.2+esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.5-1ubuntu0.2+esm2

Affected versions

4.*

4.2.1-4ubuntu1

4.2.2-1ubuntu2

4.2.3-1

4.2.3-1build1

4.2.5-1

4.2.5-1ubuntu0.1

4.2.5-1ubuntu0.2

4.2.5-1ubuntu0.2+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libzmq3-dev",
            "binary_version": "4.2.5-1ubuntu0.2+esm2"
        },
        {
            "binary_name": "libzmq5",
            "binary_version": "4.2.5-1ubuntu0.2+esm2"
        },
        {
            "binary_name": "libzmq5-dbgsym",
            "binary_version": "4.2.5-1ubuntu0.2+esm2"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:20.04:LTS / zeromq3

Package

Name: zeromq3
Purl: pkg:deb/ubuntu/zeromq3@4.3.2-2ubuntu1.20.04.1~esm2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.2-2ubuntu1.20.04.1~esm2

Affected versions

4.*

4.3.2-1

4.3.2-2

4.3.2-2ubuntu1

4.3.2-2ubuntu1.20.04.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libzmq3-dev",
            "binary_version": "4.3.2-2ubuntu1.20.04.1~esm2"
        },
        {
            "binary_name": "libzmq5",
            "binary_version": "4.3.2-2ubuntu1.20.04.1~esm2"
        },
        {
            "binary_name": "libzmq5-dbgsym",
            "binary_version": "4.3.2-2ubuntu1.20.04.1~esm2"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}