CVE-2021-20235

EUVD-2021-7674

01.04.2021, 14:15

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
zeromq	libzmq	4.2.0 ≤ 𝑥 < 4.3.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

zeromq3

bookworm	4.3.4-6 fixed
bullseye	4.3.4-1+deb11u1 fixed
buster	no-dsa
sid	4.3.5-1 fixed
trixie	4.3.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

zeromq3

bionic	Fixed 4.2.5-1ubuntu0.2+esm2 released
focal	Fixed 4.3.2-2ubuntu1.20.04.1~esm2 released
groovy	ignored
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	not-affected
xenial	not-affected

Common Weakness Enumeration

References

https://bugzilla.redhat.com/show_bug.cgi?id=1921983

https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6

https://bugzilla.redhat.com/show_bug.cgi?id=1921983

https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6