Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-20237

Опубликовано: 07 сент. 2020
Источник: redhat
CVSS3: 5.9

Описание

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 2zeromq3Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1921989zeromq: Memory leaks via metadata messages processed by PUB sockets

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-20237

CVSS3: 7.5
ubuntu
больше 4 лет назад

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2021-20237

CVSS3: 7.5
nvd
больше 4 лет назад

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2021-20237

CVSS3: 7.5
debian
больше 4 лет назад

An uncontrolled resource consumption (memory leak) flaw was found in Z ...

github логотип

GHSA-98wx-fq4r-jfm2

CVSS3: 7.5
github
больше 3 лет назад

An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2024-06962

CVSS3: 7.5
fstec
больше 5 лет назад

Уязвимость компонента xpub.cpp библиотеки для обмена сообщениями ZeroMQ, связанная с неправильным освобождением памяти перед удалением последней ссылки, позволяющая нарушителю вызвать отказ в обслуживании

5.9 Medium

CVSS3