Bug 1921972 (CVE-2021-20234)

Summary: CVE-2021-20234 zeromq: Memory leak in client induced by malicious server without CURVE/ZAP
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: amctagga, andrewniemants, anharris, bniver, dbecker, denis.arnaud_fedora, extras-orphan, flucifre, gmeno, hvyas, jjoyce, jschluet, lhh, lpeer, mbenjamin, mburns, mhackett, rhel8-maint, sclewis, slinaber, sostapov, tomspur, vereddy
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: zeromq 4.3.3 Doc Type: If docs needed, set a value
Doc Text:
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-11 22:09:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1921973, 1921974, 1921975, 1921978    
Bug Blocks: 1921995, 1939830    

Description Pedro Sampaio 2021-01-29 00:20:04 UTC
A flaw was found in zeromq before 4.3.3. When a pipe processes a delimiter and is already not in active state but still has an unfinished message, the message is leaked causing a crash.

References:

https://github.com/zeromq/libzmq/pull/3918
https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123

Comment 1 Pedro Sampaio 2021-01-29 00:20:55 UTC
Created zeromq tracking bugs for this issue:

Affects: epel-all [bug 1921973]
Affects: fedora-all [bug 1921975]


Created zeromq3 tracking bugs for this issue:

Affects: epel-7 [bug 1921974]

Comment 2 Pedro Sampaio 2021-01-29 00:29:23 UTC
Created zeromq tracking bugs for this issue:

Affects: openstack-rdo [bug 1921978]

Comment 3 Denis Arnaud 2021-01-30 00:06:00 UTC
Fixed by https://bodhi.fedoraproject.org/updates/FEDORA-2021-a01e258e6d

Comment 4 Fedora Update System 2021-02-08 01:29:27 UTC
FEDORA-2021-8b3202b783 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 6 Todd Cullum 2021-02-12 19:03:46 UTC
External References:

https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87

Comment 7 Fedora Update System 2021-02-17 04:15:41 UTC
FEDORA-EPEL-2021-5e4b80b9d8 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.