PT-2020-6974 · Zeromq+4

Pedro Sampaio · Published 2020-05-19 · Updated 2022-08-05 · CVE-2021-20237

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ZeroMQ versions prior to 4.3.3

Description

An uncontrolled resource consumption flaw, also known as a memory leak, was found in ZeroMQ's src/xpub.cpp. This issue allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this issue is to system availability.

Recommendations

For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider disabling the CURVE/ZAP authentication or restricting access to the server to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion

Memory Leak

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1314
BDU:2024-06962
CVE-2021-20237
GHSA-4P5V-H92W-6WXW
USN-4920-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Ubuntu
Zeromq