libzmq3-dev needs to be backported from disco to xenial because of zmq vulnerabilities, as documented here - https://github.com/zcore-coin/zcore-source/issues/8
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Xenial Backports |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
https:/
Description:
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_
Exploit details
Now that msg_size_ has been set to a very high value, the attacker is allowed to send this amount of bytes, and libzmq will copy it to its internal buffer without any further checks.
This means that it's possible to write beyond the bounds of the allocated space.
However, for the exploit this is not necessary to corrupt memory beyond the buffer proper.
P.o.C
Remote code execution vulnerability #3351
how to fix it:
Update zmq to 4.3.1
CVE References
| Dan Streetman (ddstreet) wrote | #1 |
| Changed in xenial-backports: | |
| status: | New → Won't Fix |
Hello,
the backports process has recently been updated, please see the new documentation:
https:/
I'm closing this bug, but please feel free to open a new bug (or reopen this bug) using the new process, if appropriate.