APP: ZeroMQ libzmq v2_decoder Integer Overflow
This signature detects attempts to exploit a known vulnerability against ZeroMQ libzmq. A successful attack can lead to arbitrary code execution.
Extended Description
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
Affected Products
Zeromq libzmq
Short Name
APP:MISC:CVE-2019-6250-IN-OVER
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2019-6250 Integer Overflow ZeroMQ libzmq v2_decoder
Release Date
03/13/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
Port
TCP/0-79,81-442,444-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
Vendors
Zeromq
Debian
CVSS Score
9.0