FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libzmq4 -- Stack overflow

Affected packages
libzmq4 < 4.3.2

Details

VuXML ID: 6954a2b0-bda8-11eb-a04e-641c67a117d8
Discovery: 2019-06-27
Entry: 2021-05-25

Fang-Pen Lin reports:

A remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.

References

CVE Name: CVE-2019-13132
FreeBSD PR: ports/255102
URL: https://github.com/zeromq/libzmq/issues/3558
URL: https://github.com/zeromq/libzmq/releases/tag/v4.3.2