OVAL

[3.8] zeromq: Integer overflow in zmq::v2_decoder_t::size_ready (CVE-2019-6250)

ID: oval:org.secpod.oval:def:1801300
Date: (C)2019-04-04   (M)2022-08-08
Class: PATCH
Family: unix




A pointer overflow, with code execution, was discovered in ZeroMQ libzmq 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer.

Platform:
Alpine Linux 3.8
Product:
zeromq
Reference:
9877
CVE-2019-6250
CVE (1):
CVE-2019-6250
CPE (2):
cpe:/o:alpinelinux:alpine_linux:3.8
cpe:/a:zeromq:zeromq

© SecPod Technologies