Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-20234

Опубликовано: 01 апр. 2021
Источник: debian

Описание

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zeromq3fixed4.3.3-1package
zeromq3no-dsabusterpackage

Примечания

  • https://github.com/zeromq/libzmq/pull/3918

  • https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87

  • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037

  • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123

Связанные уязвимости

ubuntu логотип

CVE-2021-20234

CVSS3: 6.5
ubuntu
почти 5 лет назад

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2021-20234

CVSS3: 5.3
redhat
больше 5 лет назад

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-20234

CVSS3: 6.5
nvd
почти 5 лет назад

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.

github логотип

GHSA-47vr-832f-crm9

CVSS3: 6.5
github
больше 3 лет назад

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2021-03710

CVSS3: 6.5
fstec
почти 5 лет назад

Уязвимость библиотеки для обмена сообщениями ZeroMQ, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании