Strike ID:
E19-7p641
CVSS:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive:
t
Variants:
1
Year:
2019

Description

A stack-based buffer overflow exists in ZeroMQ libzmq due to improper validation of the INITIATE command in curve server.cpp. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in denial of service conditions, or execution of arbitrary code.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}