← Back to CVEs
CVE-2019-13132
CRITICAL9.8
Description
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/10/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
canonical:ubuntu_linuxdebian:debian_linuxfedoraproject:fedorazeromq:libzmq
Weaknesses (CWE)
CWE-787
References
http://www.openwall.com/lists/oss-security/2019/07/08/6(cve@mitre.org)
http://www.securityfocus.com/bid/109284(cve@mitre.org)
https://fangpenlin.com/posts/2024/04/07/how-i-discovered-a-9-point-8-critical-security-vulnerability-in-zeromq-with-mostly-pure-luck/(cve@mitre.org)
https://github.com/zeromq/libzmq/issues/3558(cve@mitre.org)
https://github.com/zeromq/libzmq/releases(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVCTNUEOFFZUNJOXFCYCF3C6Y6NDILI3/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MK7SJYDJ7MMRRRPCUN3SCSE7YK6ZSHVS/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6HINI24SL7CU6XIJWUOSGTZWEFOOL7X/(cve@mitre.org)
https://news.ycombinator.com/item?id=39970716(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jul/13(cve@mitre.org)
https://security.gentoo.org/glsa/201908-17(cve@mitre.org)
https://usn.ubuntu.com/4050-1/(cve@mitre.org)
https://www.debian.org/security/2019/dsa-4477(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00033.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/07/08/6(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/109284(af854a3a-2127-422b-91ae-364da2661108)
https://fangpenlin.com/posts/2024/04/07/how-i-discovered-a-9-point-8-critical-security-vulnerability-in-zeromq-with-mostly-pure-luck/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zeromq/libzmq/issues/3558(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zeromq/libzmq/releases(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/07/msg00007.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVCTNUEOFFZUNJOXFCYCF3C6Y6NDILI3/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MK7SJYDJ7MMRRRPCUN3SCSE7YK6ZSHVS/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6HINI24SL7CU6XIJWUOSGTZWEFOOL7X/(af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=39970716(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/13(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201908-17(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4050-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4477(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.