Candidate: CVE-2019-6250
PublicDate: 2019-01-13 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6250
 https://github.com/zeromq/libzmq/issues/3351
 https://github.com/zeromq/libzmq/releases/tag/v4.3.1
Description:
 A pointer overflow, with code execution, was discovered in ZeroMQ libzmq
 (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp
 zmq::v2_decoder_t::size_ready integer overflow allows an authenticated
 attacker to overwrite an arbitrary amount of bytes beyond the bounds of a
 buffer, which can be leveraged to run arbitrary code on the target system.
 The memory layout allows the attacker to inject OS commands into a data
 structure located immediately after the problematic buffer (i.e., it is not
 necessary to use a typical buffer-overflow exploitation technique that
 changes the flow of control).
Ubuntu-Description:
Notes:
 ebarretto> Vulnerable code introduce in 4.2.0
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919098
 https://bugs.launchpad.net/ubuntu/+source/zeromq3/+bug/1811531
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_zeromq3:
upstream_zeromq3: released (4.3.1-1)
precise/esm_zeromq3: DNE
trusty_zeromq3: not-affected (code not present)
trusty/esm_zeromq3: not-affected (code not present)
xenial_zeromq3: not-affected (code not present)
bionic_zeromq3: released (4.2.5-1ubuntu0.1)
cosmic_zeromq3: released (4.2.5-2ubuntu0.1)
devel_zeromq3: not-affected (4.3.1-1)