What is CVE-2021-20236?

CVE-2021-20236 is a vulnerability found in the ZeroMQ server in versions before 4.3.3.

How does CVE-2021-20236 affect confidentiality and integrity?

CVE-2021-20236 can potentially compromise the confidentiality and integrity of a system.

What is the severity of CVE-2021-20236?

CVE-2021-20236 has a severity score of 9.8 (critical).

What software versions are affected by CVE-2021-20236?

Versions of ZeroMQ before 4.3.3 are affected by CVE-2021-20236.

Are there any known fixes or mitigations for CVE-2021-20236?

Yes, the fix for CVE-2021-20236 is to update to version 4.3.3 of ZeroMQ or later.

Vulnerability/
CVE-2021-20236

critical

9.8

CWE

787 120 119

29/1/2021

28/5/2021

5/8/2022

CVE-2021-20236: Buffer Overflow

First published: Fri Jan 29 2021(Updated: )

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/zeromq	<4.3.3	4.3.3
Zeromq Zeromq	<4.3.3
Redhat Ceph Storage	=2.0
Redhat Enterprise Linux	=7.0
Fedoraproject Fedora	=33

Remedy

https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-20236?
CVE-2021-20236 is a vulnerability found in the ZeroMQ server in versions before 4.3.3.
How does CVE-2021-20236 affect confidentiality and integrity?
CVE-2021-20236 can potentially compromise the confidentiality and integrity of a system.
What is the severity of CVE-2021-20236?
CVE-2021-20236 has a severity score of 9.8 (critical).
What software versions are affected by CVE-2021-20236?
Versions of ZeroMQ before 4.3.3 are affected by CVE-2021-20236.
Are there any known fixes or mitigations for CVE-2021-20236?
Yes, the fix for CVE-2021-20236 is to update to version 4.3.3 of ZeroMQ or later.

collector/redhat-bugzilla
alias/CVE-2021-20236
agent/weakness
agent/severity
agent/references
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/zeromq
canonical/zeromq zeromq
vendor/redhat
canonical/redhat ceph storage
version/redhat ceph storage/2.0
canonical/redhat enterprise linux
version/redhat enterprise linux/7.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/33

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.