Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-4920-1
HistoryJun 15, 2022 - 12:00 a.m.

ZeroMQ vulnerabilities

2022-06-1500:00:00
ubuntu.com
240

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.614 Medium

EPSS

Percentile

97.8%

JSON

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • zeromq3 - lightweight messaging kernel

Details

It was discovered that ZeroMQ incorrectly handled certain application
metadata. A remote attacker could use this issue to cause ZeroMQ to crash,
or possibly execute arbitrary code. (CVE-2019-13132)

It was discovered that ZeroMQ mishandled certain network traffic. An
unauthenticated attacker could use this vulnerability to cause a denial-of-
service and prevent legitimate clients from communicating with ZeroMQ.
(CVE-2020-15166)

It was discovered that ZeroMQ did not properly manage memory under certain
circumstances. If a user or automated system were tricked into connecting
to one or multiple compromised servers, a remote attacker could use this
issue to cause a denial of service. (CVE-2021-20234)

It was discovered that ZeroMQ incorrectly handled memory when processing
messages with arbitrarily large sizes under certain circumstances. A remote
unauthenticated attacker could use this issue to cause a ZeroMQ server to crash,
resulting in a denial of service, or possibly execute arbitrary code. This issue
only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20235)

It was discovered that ZeroMQ did not properly manage memory under certain
circumstances. A remote unauthenticated attacker could use this issue to
cause a ZeroMQ server to crash, resulting in a denial of service. This issue
only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2021-20237)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchlibzmq5< 4.3.2-2ubuntu1.20.04.1~esm2UNKNOWN
Ubuntu20.04noarchlibzmq3-dev< 4.3.2-2ubuntu1UNKNOWN
Ubuntu20.04noarchlibzmq5< 4.3.2-2ubuntu1UNKNOWN
Ubuntu20.04noarchlibzmq5-dbgsym< 4.3.2-2ubuntu1UNKNOWN
Ubuntu18.04noarchlibzmq5< 4.2.5-1ubuntu0.2+esm2UNKNOWN
Ubuntu18.04noarchlibzmq3-dev< 4.2.5-1ubuntu0.2UNKNOWN
Ubuntu18.04noarchlibzmq5< 4.2.5-1ubuntu0.2UNKNOWN
Ubuntu18.04noarchlibzmq5-dbgsym< 4.2.5-1ubuntu0.2UNKNOWN
Ubuntu16.04noarchlibzmq5< 4.1.4-7ubuntu0.1+esm2UNKNOWN
Ubuntu16.04noarchlibzmq3-dev< 4.1.4-7ubuntu0.1UNKNOWN
Rows per page:
1-10 of 201

Related

openvas 18
osv 12
nessus 34
debian 7
nvd 6
gentoo 2
cve 6
redhatcve 5
cvelist 6
prion 6
photon 19
ubuntucve 6
checkpoint_advisories 1
fedora 5
alpinelinux 2
suse 3
veracode 2
debiancve 6
ubuntu 1
freebsd 2
mageia 2
hackerone 1
archlinux 2
checkpoint_security 1
ibm 1
openvas
openvas
Ubuntu: Security Advisory (USN-4920-1)
2023-01-27 00:00:00
Debian: Security Advisory (DLA-2588-1)
2021-03-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1776-1)
2021-06-09 00:00:00
osv
osv
zeromq3 vulnerabilities
2022-06-15 18:16:23
zeromq3 - security update
2021-03-09 00:00:00
CVE-2021-20237
2021-05-28 11:15:07
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : ZeroMQ vulnerabilities (USN-4920-1)
2023-10-16 00:00:00
Debian DLA-2588-1 : zeromq3 security update
2021-03-11 00:00:00
Fedora 33 : zeromq (2021-8b3202b783)
2021-02-08 00:00:00
debian
debian
[SECURITY] [DLA 2588-1] zeromq3 security update
2021-03-10 16:05:27
[SECURITY] [DSA 4477-1] zeromq3 security update
2019-07-08 16:13:55
[SECURITY] [DLA 1849-1] zeromq3 security update
2019-07-08 17:05:18
nvd
nvd
CVE-2021-20235
2021-04-01 14:15:13
CVE-2021-20234
2021-04-01 14:15:13
CVE-2019-13132
2019-07-10 19:15:10
gentoo
gentoo
ZeroMQ: Arbitrary code execution
2019-08-15 00:00:00
ZeroMQ: Denial of service
2020-09-13 00:00:00
cve
cve
CVE-2021-20237
2021-05-28 11:15:07
CVE-2019-13132
2019-07-10 19:15:10
CVE-2021-20234
2021-04-01 14:15:13
redhatcve
redhatcve
CVE-2021-20234
2021-02-12 15:29:09
CVE-2021-20235
2021-02-12 15:29:59
CVE-2019-13132
2019-07-15 04:51:32
cvelist
cvelist
CVE-2021-20235
2021-04-01 13:47:05
CVE-2019-13132
2019-07-10 00:00:00
CVE-2021-20234
2021-04-01 13:46:33
prion
prion
Buffer overflow
2021-04-01 14:15:00
Stack overflow
2019-07-10 19:15:00
Design/Logic Flaw
2021-05-28 11:15:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0232
2021-05-05 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0322
2020-09-09 00:00:00
Important Photon OS Security Update - PHSA-2020-0139
2020-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2021-20235
2021-04-01 00:00:00
CVE-2019-13132
2019-07-08 00:00:00
CVE-2021-20234
2021-04-01 00:00:00
checkpoint_advisories
checkpoint_advisories
ZeroMQ libzmq Buffer Overflow (CVE-2019-13132)
2019-09-18 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: zeromq-4.1.7-1.fc29
2019-10-03 02:10:05
[SECURITY] Fedora 31 Update: zeromq-4.3.2-1.fc31
2019-09-28 00:05:31
[SECURITY] Fedora 30 Update: zeromq-4.3.2-1.fc30
2019-10-03 01:06:05
alpinelinux
alpinelinux
CVE-2019-13132
2019-07-10 19:15:10
CVE-2020-15166
2020-09-11 16:15:12
suse
suse
Security update for zeromq (important)
2019-07-21 00:00:00
Security update for zeromq (moderate)
2020-11-14 00:00:00
Security update for zeromq (moderate)
2020-11-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-07-11 02:51:13
Denial-of-Service (DoS)
2020-09-08 04:30:51
debiancve
debiancve
CVE-2021-20237
2021-05-28 11:15:07
CVE-2019-13132
2019-07-10 19:15:10
CVE-2021-20234
2021-04-01 14:15:13
ubuntu
ubuntu
ZeroMQ vulnerability
2019-07-08 00:00:00
freebsd
freebsd
libzmq4 -- Stack overflow
2019-06-27 00:00:00
libzmq4 -- Denial of Service
2020-09-07 00:00:00
mageia
mageia
Updated zeromq packages fix security vulnerability
2019-11-14 19:58:51
Updated zeromq packages fix security vulnerability
2020-09-15 15:55:09
hackerone
hackerone
Monero: CVE-2019-13132 - libzmq 4.1 series is vulnerable
2019-07-22 08:00:22
archlinux
archlinux
[ASA-202009-16] zeromq: denial of service
2020-09-26 00:00:00
[ASA-202009-15] lib32-zeromq: denial of service
2020-09-26 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to CVE-2021-36299, CVE-2021-36300, CVE-2021-36301, CVE-2021-20235
2021-11-04 01:43:45
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-za
2019-07-25 15:25:01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.614 Medium

EPSS

Percentile

97.8%

JSON
Related for USN-4920-1
openvas18osv12nessus34debian7nvd6gentoo2cve6redhatcve5cvelist6prion6photon19ubuntucve6checkpoint_advisories1fedora5alpinelinux2suse3veracode2debiancve6ubuntu1freebsd2mageia2hackerone1archlinux2checkpoint_security1ibm1