CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36400
https://notcve.org/view.php?id=CVE-2020-36400
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235. ZeroMQ libzmq versión 4.3.3, presenta un desbordamiento de búfer en la región heap de la memoria en la función zmq::tcp_read, una vulnerabilidad diferente a CVE-2021-20235 • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20237
https://notcve.org/view.php?id=CVE-2021-20237
An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo de consumo de recursos incontrolado (filtrado de memoria) en el archivo src/xpub.cpp de ZeroMQ en versiones anteriores a 4.3.3. Este fallo permite a un atacante remoto no autenticado enviar mensajes PUB diseñados que consumen memoria excesiva si la autenticación CURVE/ZAP está deshabilitada en el servidor, causando una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1921989 https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20236
https://notcve.org/view.php?id=CVE-2021-20236
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en el servidor ZeroMQ en versiones anteriores a 4.3.3. Este fallo permite a un cliente malicioso causar un desbordamiento del búfer de pila en el servidor mediante el envío de peticiones de suscripción de temas diseñadas y luego cancelando la suscripción. • https://bugzilla.redhat.com/show_bug.cgi?id=1921976 https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20235
https://notcve.org/view.php?id=CVE-2021-20235
There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality. Se presenta un fallo en el servidor zeromq en versiones anteriores a 4.3.3, en el archivo src/decoder_allocators.hpp. • https://bugzilla.redhat.com/show_bug.cgi?id=1921983 https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-20234
https://notcve.org/view.php?id=CVE-2021-20234
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability. Se encontró un fallo de consumo de recursos no controlado (pérdida de la memoria) en el cliente ZeroMQ en versiones anteriores a 4.3.3, en el archivo src/pipe.cpp. Este problema causa que un cliente que se conecta a múltiples servidores maliciosos o comprometidos se bloquee. • https://bugzilla.redhat.com/show_bug.cgi?id=1921972 https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •