QwikSec

Security Database

CVE

CWE

Training

CVE-2019-13132

Published: Jul 10, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20190708 CVE-2019-13132: zeromq/libzmq: denial of service via stack overflow with arbitrary data

mailing-list

[debian-lts-announce] 20190708 [SECURITY] [DLA 1849-1] zeromq3 security update

mailing-list

vendor-advisory

vendor-advisory

20190709 [SECURITY] [DSA 4477-1] zeromq3 security update

mailing-list

https://github.com/zeromq/libzmq/issues/3558

https://github.com/zeromq/libzmq/releases

vdb-entry

openSUSE-SU-2019:1767

vendor-advisory

vendor-advisory

FEDORA-2019-d20ce4d5a1

vendor-advisory

FEDORA-2019-8916b4e890

vendor-advisory

FEDORA-2019-4d8f9a9235

vendor-advisory

https://fangpenlin.com/posts/2024/04/07/how-i-discovered-a-9-point-8-critical-security-vulnerability-in-zeromq-with-mostly-pure-luck/

https://news.ycombinator.com/item?id=39970716

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2019-13132 - Security Vulnerability | QwikSec