SB2019071052 - Buffer overflow in zeromq (Alpine package)
Published: July 10, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2019-13132)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a stack buffer overflow condition when running a socket with CURVE "encryption/authentication" enabled. A remote attacker can send a malicious request and execute arbitrary code on the targeted system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=6036e9453de63200073e392cbb4393a8fa3cf42f
- https://git.alpinelinux.org/aports/commit/?id=ad01008ab24fb2a43b42e028575d9638fb9ffc7a
- https://git.alpinelinux.org/aports/commit/?id=cea68283f6fb219e133352b64b4e2f39cc002604
- https://git.alpinelinux.org/aports/commit/?id=0dd29b2cb03aa47546dccfe258179342c06932d7
- https://git.alpinelinux.org/aports/commit/?id=2cf2c99417fc593d654d8a0cab2c69f5618d747b
- https://git.alpinelinux.org/aports/commit/?id=99a1377b8e41d4a76c18de6293de21268632055c