CVE-2019-13132

Priority
Description
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2,
a remote, unauthenticated client connecting to a libzmq application,
running with a socket listening with CURVE encryption/authentication
enabled, may cause a stack overflow and overwrite the stack with arbitrary
data, due to a buffer overflow in the library. Users running public servers
with the above configuration are highly encouraged to upgrade as soon as
possible, as there are no known mitigations.
Ubuntu-Description
It was discovered that ZeroMQ incorrectly handled certain application metadata.
A remote attacker could use this issue to cause ZeroMQ to crash, or possibly
execute arbitrary code.
Package
Upstream: pending (4.3.2, 4.1.7, 4.0.9)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): released (4.1.4-7ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (4.2.5-1ubuntu0.2)
Ubuntu 19.04 (Disco Dingo): released (4.3.1-3ubuntu2.1)
Ubuntu 19.10 (Eoan): needed
More Information

Updated: 2019-08-16 15:14:23 UTC (commit 5361c67d07aa5974ee5576195f5ae50712d72c5c)