Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:MISC:ZEROMQ-BO |
|---|---|
Severity |
Major |
Recommended |
No |
Category |
APP |
Keywords |
ZeroMQ CVE-2019-13132 Stack-Based Buffer Overflow |
Release Date |
2019/08/19 |
Update Number |
3200 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: ZeroMQ CVE-2019-13132 Stack-Based Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the ZeroMQ libzmq. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.
Extended Description
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
Affected Products
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 18.04
- Canonical ubuntu_linux 18.10
- Canonical ubuntu_linux 19.04
- Debian debian_linux 8.0
- Debian debian_linux 9.0
- Zeromq libzmq 4.1.0
- Zeromq libzmq 4.2.0
- Zeromq libzmq 4.2.1
- Zeromq libzmq 4.2.2
- Zeromq libzmq 4.2.3
- Zeromq libzmq 4.2.4
- Zeromq libzmq 4.2.5
- Zeromq libzmq 4.3.0
- Zeromq libzmq 4.3.1
References
- BugTraq: 109284
- CVE: CVE-2019-13132