PT-2019-3412 · Zeromq+4 · Libzmq+4
Fang-Pen Lin · Published 2019-06-20 · Updated 2024-06-15 · CVE-2019-13132
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ZeroMQ libzmq versions 4.0.0 through 4.0.8
ZeroMQ libzmq versions 4.1.x through 4.1.6
ZeroMQ libzmq versions 4.2.x through 4.3.1
Description
The issue is a buffer overflow in the ZeroMQ libzmq library that can overflow the stack and allow an attacker to overwrite it with arbitrary data. This can lead to unauthorized access to sensitive information, loss of data integrity, and denial of service. The vulnerability can be exploited by a remote, unauthenticated client connecting to a libzmq application with CURVE encryption/authentication enabled.
Recommendations
For ZeroMQ libzmq versions 4.0.0 through 4.0.8, upgrade to version 4.0.9 or later.
For ZeroMQ libzmq versions 4.1.x through 4.1.6, upgrade to version 4.1.7 or later.
For ZeroMQ libzmq versions 4.2.x through 4.3.1, upgrade to version 4.3.2 or later.
As a temporary workaround, consider disabling CURVE encryption/authentication until a patch is available. Restrict access to public servers with the vulnerable configuration to minimize the risk of exploitation.
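To apply the recommendations above across a fleet, the following added example (not part of the original advisory or of libzmq) checks reported libzmq versions against the affected ranges listed here and names the fixed release for each. The host names and package version strings in the sample inventory are constructed.

```python
import re

# (first affected, last affected, first fixed release) as listed in this advisory
AFFECTED_RANGES = [
    ((4, 0, 0), (4, 0, 8), "4.0.9"),
    ((4, 1, 0), (4, 1, 6), "4.1.7"),
    ((4, 2, 0), (4, 3, 1), "4.3.2"),
]

# Optional package epoch ("1:"), then major.minor[.patch]; any suffix is ignored.
_VERSION_RE = re.compile(r"^\s*(?:\d+:)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch) from '4.3.1', '4.3.1-4ubuntu2' or '1:4.1.6'."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised libzmq version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def required_upgrade(version_text):
    """Return the fixed release to move to, or None if outside the affected ranges."""
    version = parse_version(version_text)
    for first, last, fixed in AFFECTED_RANGES:
        if first <= version <= last:
            return fixed
    return None


def audit(inventory):
    """Return findings for affected hosts; unparseable versions are flagged too."""
    findings = []
    for host, version_text in inventory:
        try:
            fixed = required_upgrade(version_text)
        except ValueError:
            findings.append((host, version_text, "unknown version, check manually"))
            continue
        if fixed is not None:
            findings.append((host, version_text, f"upgrade to {fixed} or later"))
    return findings


# Constructed inventory (hypothetical hosts and package versions).
SAMPLE_INVENTORY = [
    ("broker-01", "4.0.8"), ("broker-02", "4.3.2"),
    ("edge-01", "4.3.1-4ubuntu2"), ("edge-02", "4.1.7"), ("lab-01", "git-master"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

A distribution package can carry a backported fix under an unchanged upstream version, so confirm any match against the vendor's own advisory before treating the host as vulnerable.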
Exploit
Fix
Memory Corruption
Buffer Overflow
Affected products
Alt Linux
Linuxmint
Suse
Ubuntu
Libzmq