{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-28T04:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-4368", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4368"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zeromq/libzmq/issues/3351"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1"}, {"name": "GLSA-201903-22", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-22"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-4368", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4368"}, {"name": "https://github.com/zeromq/libzmq/issues/3351", "refsource": "CONFIRM", "url": "https://github.com/zeromq/libzmq/issues/3351"}, {"name": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1", "refsource": "CONFIRM", "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1"}, {"name": "GLSA-201903-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-22"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:16:24.696Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4368", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4368"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zeromq/libzmq/issues/3351"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1"}, {"name": "GLSA-201903-22", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-22"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6250", "datePublished": "2019-01-13T15:00:00", "dateReserved": "2019-01-13T00:00:00", "dateUpdated": "2024-08-04T20:16:24.696Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zeromq:libzmq:*:*:*:*:*:*:*:*", "matchCriteriaId": "79DFA925-B69B-4DFB-B33F-8B8AC4A692E3", "versionEndIncluding": "4.2.5", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zeromq:libzmq:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E33C064-59C2-4751-B3F2-3425B18D1CA4", "versionEndExcluding": "4.3.1", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control)."}, {"lang": "es", "value": "Se ha descubierto un desbordamiento de punteros con ejecuci\u00f3n de c\u00f3digo en ZeroMQ libzmq (tambi\u00e9n conocido como 0MQ), en versiones 4.2.x y 4.3.x anteriores a la 4.3.1. Un desbordamiento de enteros en zmq::v2_decoder_t::size_ready, en v2_decoder.cpp, permite que un atacante autenticado sobrescriba una cantidad arbitraria de bytes m\u00e1s all\u00e1 de los l\u00edmites de un b\u00fafer, lo que puede ser aprovechado para ejecutar c\u00f3digo arbitrario en el sistema objetivo. La distribuci\u00f3n de la memoria permite que el atacante inyecte comandos del sistema operativo en una estructura de datos ubicada inmediatamente tras el b\u00fafer problem\u00e1tico (esto es, no es necesario emplear una t\u00e9cnica t\u00edpica de explotaci\u00f3n de desbordamiento de b\u00fafer que cambie el flujo de control)."}], "id": "CVE-2019-6250", "lastModified": "2024-11-21T04:46:18.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-13T15:29:00.547", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/zeromq/libzmq/issues/3351"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-22"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/zeromq/libzmq/issues/3351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/zeromq/libzmq/releases/tag/v4.3.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4368"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "zeromq: Integer overflow in zmq::v2_decoder_t::size_ready", "id": "1665847", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665847"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).", "A pointer overflow flaw was found in ZeroMQ libzmq version 4.2.x and 4.3.x, prior to 4.3.1. An integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer which can be leveraged to run arbitrary code on the target system. This allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-6250", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Not affected", "package_name": "zeromq3", "product_name": "Red Hat Ceph Storage 2"}], "public_date": "2019-01-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-6250\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6250"], "statement": "This issue does not affect the versions of zeromq3 as shipped with Red Hat Ceph Storage 2 as this version does not contain the code for the version 2 decoder. The zeromq3 version shipped in Red Hat Ceph Storage 2 only contains the version 1 decoder which does not contain affected code.", "threat_severity": "Important"}