#VU17108 Integer overflow in libzmq - CVE-2019-6250

Cybersecurity Help s.r.o.

Published: 2019-01-22

Vulnerability identifier: #VU17108

Vulnerability risk: Low

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-6250

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libzmq
Universal components / Libraries / Libraries used by multiple products

Vendor: ZeroMQ Project

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in a v2_decoder.cpp zmq::v2_decoder_t::size_ready. A remote authenticated attacker can overwrite an arbitrary amount of bytes beyond the bounds of a buffer and inject OS commands into a data structure located immediately after the problematic buffer to execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Update to version 4.3.1.

Vulnerable software versions

libzmq: 4.2.0 - 4.3.0

External links
https://github.com/zeromq/libzmq/issues/3351
https://github.com/zeromq/libzmq/releases/tag/v4.3.1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Gentoo update for ZeroMQ

OpenSUSE Linux update for zeromq

Integer overflow in zeromq (Alpine package)

OpenSUSE Linux update for zeromq

Remote code execution in ZeroMQ libzmq

Debian update for zeromq3