PT-2021-3605 · Zeromq+4
Pedro Sampaio · Published 2021-03-09 · Updated 2024-07-29 · CVE-2021-20234
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ZeroMQ versions prior to 4.3.3
Description
An uncontrolled resource consumption issue, specifically a memory leak flaw, was found in the ZeroMQ client. This issue can cause a client to crash if it connects to multiple malicious or compromised servers, with the highest threat being to system availability. The flaw is located in src/pipe.cpp.
Recommendations
For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting connections to trusted servers to minimize the risk of exploitation.
Exploit
Fix
Resource Exhaustion
Memory Leak
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Ubuntu
Zeromq