CVE-2021-20237 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-20237 Interim 1 57 2025-02-17T00:55:22Z current 2021-08-18T00:59:26Z 2025-02-17T00:55:22Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-20237 An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 3.0 SUSE Container as a Service Platform 1.0 SUSE Container as a Service Platform 2.0 SUSE Enterprise Storage 5 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5 SUSE Manager Client Tools Beta for RHEL, Liberty and Clones 8 SUSE Manager Client Tools Beta for SLE 12 SUSE Manager Client Tools for RHEL, Liberty and Clones 8 SUSE Manager Client Tools for SLE 12 SUSE Manager Proxy 3.2 SUSE Manager Server 3.2 libzmq3 zeromq zeromq-devel libzmq3 as a component of SUSE CaaS Platform 3.0 zeromq as a component of SUSE CaaS Platform 3.0 zeromq as a component of SUSE Container as a Service Platform 1.0 zeromq as a component of SUSE Container as a Service Platform 2.0 libzmq3 as a component of SUSE Enterprise Storage 5 zeromq as a component of SUSE Enterprise Storage 5 libzmq3 as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 zeromq as a component of SUSE Linux Enterprise Module for Advanced Systems Management 12 libzmq3 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 zeromq-devel as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 zeromq as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libzmq3 as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 zeromq as a component of SUSE Linux Enterprise Workstation Extension 12 SP5 zeromq as a component of SUSE Manager Client Tools Beta for RHEL, Liberty and Clones 8 zeromq as a component of SUSE Manager Client Tools Beta for SLE 12 zeromq as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 8 zeromq as a component of SUSE Manager Client Tools for SLE 12 libzmq3 as a component of SUSE Manager Proxy 3.2 zeromq as a component of SUSE Manager Proxy 3.2 libzmq3 as a component of SUSE Manager Server 3.2 zeromq as a component of SUSE Manager Server 3.2 An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability. CVE-2021-20237 SUSE CaaS Platform 3.0:libzmq3 SUSE CaaS Platform 3.0:zeromq SUSE Container as a Service Platform 1.0:zeromq SUSE Container as a Service Platform 2.0:zeromq SUSE Enterprise Storage 5:libzmq3 SUSE Enterprise Storage 5:zeromq SUSE Linux Enterprise Module for Advanced Systems Management 12:libzmq3 SUSE Linux Enterprise Module for Advanced Systems Management 12:zeromq SUSE Linux Enterprise Software Development Kit 12 SP5:libzmq3 SUSE Linux Enterprise Software Development Kit 12 SP5:zeromq SUSE Linux Enterprise Software Development Kit 12 SP5:zeromq-devel SUSE Linux Enterprise Workstation Extension 12 SP5:libzmq3 SUSE Linux Enterprise Workstation Extension 12 SP5:zeromq SUSE Manager Client Tools Beta for RHEL, Liberty and Clones 8:zeromq SUSE Manager Client Tools Beta for SLE 12:zeromq SUSE Manager Client Tools for RHEL, Liberty and Clones 8:zeromq SUSE Manager Client Tools for SLE 12:zeromq SUSE Manager Proxy 3.2:libzmq3 SUSE Manager Proxy 3.2:zeromq SUSE Manager Server 3.2:libzmq3 SUSE Manager Server 3.2:zeromq moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H