1188236 – (CVE-2020-36400) VUL-0: CVE-2020-36400: zeromq: heap-based buffer overflow in zmq:tcp_read

Bug 1188236 (CVE-2020-36400) - VUL-0: CVE-2020-36400: zeromq: heap-based buffer overflow in zmq:tcp_read

Summary: VUL-0: CVE-2020-36400: zeromq: heap-based buffer overflow in zmq:tcp_read

Status:	RESOLVED FIXED

Alias:	CVE-2020-36400

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Critical
Target Milestone:	---
Assignee:	Adam Majer
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/303346/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2021-07-13 07:14 UTC by Robert Frohl
Modified:	2021-07-13 08:22 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2021-07-13 07:14:27 UTC

rh#1980260

ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read by resizing a fixed static allocator, a different vulnerability than CVE-2021-20235.

Upstream Reference:

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042

Upstream fix:

https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1980260
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36400
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36400
https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml

Comment 1 Robert Frohl 2021-07-13 07:18:31 UTC

does not affect SLE and openSUSE:Factory is already updated to 4.3.4.

Comment 2 Robert Frohl 2021-07-13 07:18:44 UTC

closing