Candidate: CVE-2021-20236
PublicDate: 2021-05-28 11:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20236
 https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
Description:
 A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw
 allows a malicious client to cause a stack buffer overflow on the server by
 sending crafted topic subscription requests and then unsubscribing. The
 highest threat from this vulnerability is to confidentiality, integrity, as
 well as system availability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_zeromq3:
 upstream: https://github.com/zeromq/libzmq/pull/3959
upstream_zeromq3: released (4.3.3-1)
precise/esm_zeromq3: DNE
trusty_zeromq3: ignored (out of standard support)
trusty/esm_zeromq3: needed
xenial_zeromq3: ignored (end of standard support, was needed)
bionic_zeromq3: needed
focal_zeromq3: needed
groovy_zeromq3: ignored (reached end-of-life)
hirsute_zeromq3: not-affected (4.3.4-1)
impish_zeromq3: not-affected (4.3.4-1)
jammy_zeromq3: not-affected (4.3.4-1)
devel_zeromq3: not-affected (4.3.4-1)