Your submission was sent successfully! Close

CVE-2021-20236

Published: 28 May 2021

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
zeromq3
Launchpad, Ubuntu, Debian
Upstream
Released (4.3.3-1)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(4.3.4-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(4.3.4-1)
Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Needed

Patches:
Upstream: https://github.com/zeromq/libzmq/pull/3959