ID CVE-2019-13132
Summary In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
References
Vulnerable Configurations
  • cpe:2.3:a:zeromq:libzmq:*:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zeromq:libzmq:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-04-2024 - 22:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 109284
bugtraq 20190709 [SECURITY] [DSA 4477-1] zeromq3 security update
confirm
debian DSA-4477
fedora
  • FEDORA-2019-4d8f9a9235
  • FEDORA-2019-8916b4e890
  • FEDORA-2019-d20ce4d5a1
gentoo GLSA-201908-17
mlist
  • [debian-lts-announce] 20190708 [SECURITY] [DLA 1849-1] zeromq3 security update
  • [oss-security] 20190708 CVE-2019-13132: zeromq/libzmq: denial of service via stack overflow with arbitrary data
suse openSUSE-SU-2019:1767
ubuntu USN-4050-1
Last major update 11-04-2024 - 22:15
Published 10-07-2019 - 19:15
Last modified 11-04-2024 - 22:15