9 - DSA-4368

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	zeromq3 security update

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score	9	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	8	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a lightweight messaging kernel, could result in the execution of arbitrary code.

For the stable distribution (stretch), this problem has been fixed in version 4.2.1-4+deb9u1.

We recommend that you upgrade your zeromq3 packages.

For the detailed security status of zeromq3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/zeromq3

%	Id	Name
100 %	CWE-190	Integer Overflow or Wraparound (CWE/SANS Top 25)

Type	Description	Count
Application	Zeromq Libzmq cpe:2.3:a:zeromq:libzmq::::::::	1
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:9.0:::::::*	1

Date	Description
2020-01-21	ZeroMQ libzmq pointer overflow attempt RuleID : 52501 - Revision : 1 - Type : SERVER-OTHER
2019-09-17	ZeroMQ libzmq pointer overflow attempt RuleID : 51042 - Revision : 3 - Type : SERVER-OTHER

Date	Description
2019-01-15	Name : The remote Debian host is missing a security-related update. File : debian_DSA-4368.nasl - Type : ACT_GATHER_INFO

If you want to see full details history, please login or register.

Date	Informations
2019-01-24 21:21:41	Multiple Updates
2019-01-15 00:18:15	First insertion

	Related
8.8	CVE-2019-6250
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)