CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-15166 – Denial of Service in ZeroMQ
https://notcve.org/view.php?id=CVE-2020-15166
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. • https://github.com/zeromq/libzmq/pull/3913 https://github.com/zeromq/libzmq/pull/3973 https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m https://lists.debian.org/debian-lts-announce/2020/11/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZ5IMNQXDB52JFBXHFLK4AHVORFELNNG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFW2ZELCCPS4VLU4OSJOH5YL6KFKTFYW https://security.gentoo.org/glsa/202009-12 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 54%CPEs: 12EXPL: 0CVE-2019-13132
https://notcve.org/view.php?id=CVE-2019-13132
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. En ZeroMQ libzmq anterior a versión 4.0.9, versiones 4.1.x anteriores a 4.1.7, y versiones 4.2.x anteriores a 4.3.2, un cliente no identificado remoto que se conecta a una aplicación libzmq, ejecutándose con un socket de escucha con el cifrado y autenticación CURVE habilitado, puede causar un desbordamiento de pila y sobreescritura de pila con datos arbitrarios, debido a un desbordamiento de búfer en la biblioteca. Se exhorta a los usuarios que ejecutan servidores públicos con la configuración anterior que realicen su actualización lo antes posible, ya que no existen mitigaciones conocidas. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00033.html http://www.openwall.com/lists/oss-security/2019/07/08/6 http://www.securityfocus.com/bid/109284 https://fangpenlin.com/posts/2024/04/07/how-i-discovered-a-9-point-8-critical-security-vulnerability-in-zeromq-with-mostly-pure-luck https://github.com/zeromq/libzmq/issues/3558 https://github.com/zeromq/libzmq/releases https://lists.debian.org/debian-lts-announce/2019/07/msg00007.html https://lists.fedoraproject • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 53%CPEs: 3EXPL: 2CVE-2019-6250
https://notcve.org/view.php?id=CVE-2019-6250
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control). Se ha descubierto un desbordamiento de punteros con ejecución de código en ZeroMQ libzmq (también conocido como 0MQ), en versiones 4.2.x y 4.3.x anteriores a la 4.3.1. Un desbordamiento de enteros en zmq::v2_decoder_t::size_ready, en v2_decoder.cpp, permite que un atacante autenticado sobrescriba una cantidad arbitraria de bytes más allá de los límites de un búfer, lo que puede ser aprovechado para ejecutar código arbitrario en el sistema objetivo. • https://github.com/AkashicYiTai/CVE-2019-6250-libzmq https://github.com/zeromq/libzmq/issues/3351 https://github.com/zeromq/libzmq/releases/tag/v4.3.1 https://security.gentoo.org/glsa/201903-22 https://www.debian.org/security/2019/dsa-4368 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9721
https://notcve.org/view.php?id=CVE-2014-9721
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. ibzmq en versiones anteriores a 4.0.6 y 4.1.x en versiones anteriores a 4.1.1 permite a atacantes remotos llevar a cabo ataques de degradado y eludir mecanismos de protocolos de seguridad ZMTP v3 a través de una cabecera ZMTP v2 o versiones anteriores. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html http://www.debian.org/security/2015/dsa-3255 https://github.com/zeromq/libzmq/issues/1273 https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-7203
https://notcve.org/view.php?id=CVE-2014-7203
libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. libzmq (también conocido como ZeroMQ/C++) 4.0.x anterior a 4.0.5 no asegura que los caracteres de un solo uso sean únicos, lo que permite a atacantes man-in-the-middle realizar ataques de reproducción a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html http://seclists.org/oss-sec/2014/q3/754 http://seclists.org/oss-sec/2014/q3/776 http://secunia.com/advisories/62262 http://www.securityfocus.com/bid/70157 https://exchange.xforce.ibmcloud.com/vulnerabilities/96242 https://github.com/zeromq/libzmq/issues/1191 https://github.com/zeromq/libzmq/pull/1189 •