Vulnerability Details : CVE-2021-20236
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2021-20236
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:zeromq:zeromq:*:*:*:*:*:*:*:*
Threat overview for CVE-2021-20236
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2021-20236: 623,980
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2021-20236
- 0.33%: probability of exploitation activity in the next 30 days
- ~71%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20236
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2021-20236
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: secalert@redhat.com (Secondary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary), secalert@redhat.com (Secondary)
References for CVE-2021-20236
- https://bugzilla.redhat.com/show_bug.cgi?id=1921976
  Issue Tracking; Third Party Advisory
- https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
  Stack overflow on server running PUB/XPUB socket (CURVE disabled) · Advisory · zeromq/libzmq · GitHub
  Patch; Third Party Advisory