E19-0viy1
CVSS:
8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
6
Year:
2019
Description
An integer overflow vulnerability has been discovered in ZeroMQ libzmq library.
The vulnerability is due to improper sanitization of user-supplied data passed to zmq::v2_decoder_t::size_ready function when handling ZMTP messages.
A remote attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service.
Successful exploitation could result in the execution of arbitrary code in the security context of the service implementing the vulnerable library.
