Short Name | APP:MISC:ZEROMQ-BO |
---|---|
Severity | Major |
Recommended | No |
Category | APP |
Keywords | ZeroMQ CVE-2019-13132 Stack-Based Buffer Overflow |
Release Date | 2019/08/19 |
Update Number | 3200 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in ZeroMQ libzmq. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.