CVE-2021-20235

Name of the Vulnerable Software and Affected Versions ZeroMQ versions prior to 4.3.3 Check Point GAiA (affected versions not specified)

Description The issue is related to a buffer overflow in the ZeroMQ library, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is triggered when a crafted request is sent to the ZeroMQ server, allowing for a buffer overflow write of arbitrary data if CURVE/ZAP authentication is not enabled. This can impact application availability, data integrity, and confidentiality.

Recommendations For ZeroMQ versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. For Check Point GAiA, at the moment, there is no information about a newer version that contains a fix for this vulnerability.