CVE-2019-13132

Опубликовано: 10 июл. 2019

Источник: ubuntu

Приоритет: high

CVSS2: 7.5

CVSS3: 9.8

Описание

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.

Релиз	Статус	Примечание
bionic	released	4.2.5-1ubuntu0.2
cosmic	released	4.2.5-2ubuntu0.2
devel	released	4.3.1-3ubuntu2.1
disco	released	4.3.1-3ubuntu2.1
eoan	released	4.3.1-3ubuntu2.1
esm-apps/bionic	released	4.2.5-1ubuntu0.2
esm-apps/focal	released	4.3.1-3ubuntu2.1
esm-apps/jammy	released	4.3.1-3ubuntu2.1
esm-apps/xenial	released	4.1.4-7ubuntu0.1
esm-infra-legacy/trusty	released	4.0.4+dfsg-2ubuntu0.1+esm1

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2019-13132

CVSS3: 7.1

redhat

больше 6 лет назад

CVE-2019-13132

CVSS3: 9.8

nvd

больше 6 лет назад

CVE-2019-13132

CVSS3: 9.8

debian

больше 6 лет назад

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4. ...

openSUSE-SU-2019:1767-1

suse-cvrf

больше 6 лет назад

Security update for zeromq

SUSE-SU-2019:1785-1

suse-cvrf

больше 6 лет назад

Security update for zeromq

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2019-13132

Описание

Пакет zeromq3

Ссылки на источники

Связанные уязвимости