Vulnerability CVE-2019-13132


Published: 2019-07-10

Description:
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Zeromq
Product: Libzmq 
Version:
4.3.1
4.3.0
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
Vendor: Canonical
Product: Ubuntu linux 
Version:
19.04
18.10
18.04
16.04

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00033.html
http://www.openwall.com/lists/oss-security/2019/07/08/6
http://www.securityfocus.com/bid/109284
https://github.com/zeromq/libzmq/issues/3558
https://github.com/zeromq/libzmq/releases
https://lists.debian.org/debian-lts-announce/2019/07/msg00007.html
https://seclists.org/bugtraq/2019/Jul/13
https://usn.ubuntu.com/4050-1/
https://www.debian.org/security/2019/dsa-4477

Related CVE
CVE-2019-19244
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
CVE-2019-15845
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
CVE-2012-6639
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
CVE-2019-3466
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
CVE-2015-1607
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, rela...
CVE-2015-3166
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have ...
CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via...
CVE-2012-3543
mono 2.10.x ASP.NET Web Form Hash collision DoS

Copyright 2019, cxsecurity.com

 

Back to Top