CVE-2021-20237: Memory leak vulnerability in ZeroMQ allows denial of service via crafted PUB messages when CURVE/ZAP authentication is disabled.


Description Preview

CVE-2021-20237 affects ZeroMQ versions prior to 4.3.3, specifically in the src/xpub.cpp component. The vulnerability is an uncontrolled resource consumption flaw (CWE-401) that manifests as a memory leak. When CURVE/ZAP authentication is disabled on a ZeroMQ server, remote unauthenticated attackers can exploit this vulnerability by sending specially crafted PUB messages that cause excessive memory consumption. This can eventually lead to a denial of service condition as system resources are exhausted. The vulnerability primarily impacts system availability.

Overview

ZeroMQ (libzmq) is a high-performance asynchronous messaging library used in distributed or concurrent applications. The vulnerability exists in the XPUB socket implementation where memory allocation occurs without proper deallocation when processing certain message patterns. When a server has CURVE/ZAP authentication disabled, which is a common configuration in some environments, it becomes vulnerable to this attack. An attacker can repeatedly send crafted messages that trigger the memory leak, gradually consuming all available system memory and potentially causing the application or entire system to become unresponsive.

Remediation

  1. Update ZeroMQ to version 4.3.3 or later, which contains the fix for this vulnerability.
  2. If immediate updating is not possible, enable CURVE/ZAP authentication on all ZeroMQ servers as a mitigation measure.
  3. Implement network-level access controls to restrict who can connect to ZeroMQ servers.
  4. Monitor system memory usage for unexpected growth which might indicate exploitation attempts.
  5. Consider implementing application-level resource limits to prevent excessive memory consumption.
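Mitigation 2 in practice, as an added example that is not part of this advisory or of libzmq: an XPUB socket that only admits peers over CURVE, with a ZAP handler that accepts just the client public certificates it has been given. It assumes pyzmq (zmq.auth) and runs entirely on loopback; the "trusted" and "stranger" key pairs are constructed for the demo.

```python
import tempfile

import zmq
import zmq.auth
from zmq.auth.thread import ThreadAuthenticator


def make_hardened_xpub(ctx, cert_dir):
    """Bind a CURVE-only XPUB on loopback; ZAP admits only client certs (*.key) found in cert_dir."""
    auth = ThreadAuthenticator(ctx)
    auth.start()  # ZAP handler listening on inproc://zeromq.zap.01
    auth.configure_curve(domain="*", location=cert_dir)
    server_pub, server_sec = zmq.curve_keypair()
    xpub = ctx.socket(zmq.XPUB)
    xpub.curve_secretkey, xpub.curve_publickey = server_sec, server_pub
    xpub.curve_server = True  # without this the ZAP handler is never consulted
    return auth, xpub, server_pub, xpub.bind_to_random_port("tcp://127.0.0.1")


def subscribe_and_receive(ctx, xpub, server_pub, port, client_pub, client_sec, timeout_ms=2000):
    """Connect a CURVE SUB client; return the payload it gets, or None if ZAP rejected it."""
    sub = ctx.socket(zmq.SUB)
    sub.curve_secretkey, sub.curve_publickey, sub.curve_serverkey = client_sec, client_pub, server_pub
    sub.subscribe(b"alerts")
    sub.connect(f"tcp://127.0.0.1:{port}")
    payload = None
    while xpub.poll(timeout_ms):  # a rejected peer's subscription never reaches the XPUB
        # b'\x01'+topic is a new subscription; b'\x00'+topic is a stale unsubscribe
        if xpub.recv() == b"\x01alerts":
            xpub.send_multipart([b"alerts", b"hello"])
            if sub.poll(timeout_ms):
                payload = sub.recv_multipart()[1]
            break
    sub.close(linger=0)
    return payload


def demo():
    """Trusted key is admitted and receives b'hello'; an unregistered key gets None."""
    ctx = zmq.Context()
    with tempfile.TemporaryDirectory() as cert_dir:
        _pub_file, sec_file = zmq.auth.create_certificates(cert_dir, "trusted")
        trusted_pub, trusted_sec = zmq.auth.load_certificate(sec_file)
        auth, xpub, server_pub, port = make_hardened_xpub(ctx, cert_dir)
        admitted = subscribe_and_receive(ctx, xpub, server_pub, port, trusted_pub, trusted_sec)
        stranger = zmq.curve_keypair()  # constructed key pair never registered with ZAP
        rejected = subscribe_and_receive(ctx, xpub, server_pub, port, *stranger)
        auth.stop()
    ctx.destroy(linger=0)
    return admitted, rejected
```

In a deployment the certificate directory holds each authorized client's public `.key` file and the server's secret key is provisioned out of band; the stranger's silent failure is the ZAP handler doing its job.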

References

  1. Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1921989
  2. GitHub Security Advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
  3. CWE-401: Improper Release of Memory Before Removing Last Reference
  4. ZeroMQ GitHub Repository: https://github.com/zeromq/libzmq

Industry Exposure (most to least)

This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Professional, Scientific, & Technical Services
  4. Educational Services
  5. Finance and Insurance
  6. Public Administration
  7. Information
  8. Management of Companies & Enterprises
  9. Retail Trade
  10. Transportation & Warehousing
  11. Utilities
  12. Arts, Entertainment & Recreation
  13. Other Services (except Public Administration)
  14. Accommodation & Food Services
  15. Administrative, Support, Waste Management & Remediation Services
  16. Agriculture, Forestry, Fishing & Hunting
  17. Construction
  18. Mining
  19. Real Estate Rental & Leasing
  20. Wholesale Trade
