← Zuruck zu CVEs
CVE-2019-13132
CRITICAL9.8
Beschreibung
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht7/10/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
canonical:ubuntu_linuxdebian:debian_linuxfedoraproject:fedorazeromq:libzmq
Schwachen (CWE)
CWE-787
Referenzen
http://www.openwall.com/lists/oss-security/2019/07/08/6(cve@mitre.org)
http://www.securityfocus.com/bid/109284(cve@mitre.org)
https://fangpenlin.com/posts/2024/04/07/how-i-discovered-a-9-point-8-critical-security-vulnerability-in-zeromq-with-mostly-pure-luck/(cve@mitre.org)
https://github.com/zeromq/libzmq/issues/3558(cve@mitre.org)
https://github.com/zeromq/libzmq/releases(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVCTNUEOFFZUNJOXFCYCF3C6Y6NDILI3/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MK7SJYDJ7MMRRRPCUN3SCSE7YK6ZSHVS/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6HINI24SL7CU6XIJWUOSGTZWEFOOL7X/(cve@mitre.org)
https://news.ycombinator.com/item?id=39970716(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/13(cve@mitre.org)
https://security.gentoo.org/glsa/201908-17(cve@mitre.org)
https://usn.ubuntu.com/4050-1/(cve@mitre.org)
https://www.debian.org/security/2019/dsa-4477(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00033.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/07/08/6(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/109284(af854a3a-2127-422b-91ae-364da2661108)
https://fangpenlin.com/posts/2024/04/07/how-i-discovered-a-9-point-8-critical-security-vulnerability-in-zeromq-with-mostly-pure-luck/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zeromq/libzmq/issues/3558(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zeromq/libzmq/releases(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/07/msg00007.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVCTNUEOFFZUNJOXFCYCF3C6Y6NDILI3/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MK7SJYDJ7MMRRRPCUN3SCSE7YK6ZSHVS/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6HINI24SL7CU6XIJWUOSGTZWEFOOL7X/(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=39970716(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/13(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201908-17(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4050-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4477(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.