CVE-2019-6250

Name
CVE-2019-6250
Description
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
NVD Severity
high

References

| Type | URI |
| --- | --- |
| Third Party Advisory | https://github.com/zeromq/libzmq/releases/tag/v4.3.1 |
| Exploit | https://github.com/zeromq/libzmq/issues/3351 |
| Third Party Advisory | https://www.debian.org/security/2019/dsa-4368 |
| Third Party Advisory | https://security.gentoo.org/glsa/201903-22 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:zeromq:libzmq:*:*:*:*:*:*:*:* | libzmq | >= 4.3.0 | < 4.3.1 |
| cpe:2.3:a:zeromq:libzmq:*:*:*:*:*:*:*:* | libzmq | >= 4.2.0 | <= 4.2.5 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status