CVE-2019-6250

HIGH

libzmq 4.2.0-4.2.4 and 4.3.0 - Authenticated Integer Overflow to Remote Code Execution in v2_decoder.cpp

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-6250. PoCs published by AkashicYiTai, dinosn.

AI-analyzed exploit summary This repository contains a working proof-of-concept exploit for CVE-2019-6250, an integer overflow vulnerability in libzmq's v2_decoder.cpp. The exploit demonstrates how to trigger the vulnerability to achieve remote code execution by overwriting a function pointer in a struct.

Description

A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).

Exploits (2)

nomisec WORKING POC 1 stars

by AkashicYiTai · poc

https://github.com/AkashicYiTai/CVE-2019-6250-libzmq

View Code ZIP pw:eip

This repository contains a working proof-of-concept exploit for CVE-2019-6250, an integer overflow vulnerability in libzmq's v2_decoder.cpp. The exploit demonstrates how to trigger the vulnerability to achieve remote code execution by overwriting a function pointer in a struct.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: libzmq (ZeroMQ) version 7302b9b8d127be5aa1f1ccebb9d01df0800182f3

No auth needed

Prerequisites: Network access to the target system · Target must be running a vulnerable version of libzmq

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by dinosn · poc

https://github.com/dinosn/cve-2019-6250-lab

View Code ZIP pw:eip

This repository contains a fully functional exploit for CVE-2019-6250, a pre-authentication heap-buffer-overflow in libzmq's v2_decoder_t::size_ready. The exploit leverages a uint64_t pointer-arithmetic overflow to overwrite a function pointer and achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: libzmq ≤ 4.3.0

No auth needed

Prerequisites: Network access to the target service · ASLR disabled or bypassed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 19, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4368

Exploit, Patch, Third Party Advisory x_refsource_confirm

https://github.com/zeromq/libzmq/issues/3351

Third Party Advisory x_refsource_confirm

https://github.com/zeromq/libzmq/releases/tag/v4.3.1

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201903-22

Scores

CVSS v3 8.8

EPSS 0.0944

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (2)

debian/debian_linux 9.0

zeromq/libzmq 4.2.0 - 4.2.5

Published Jan 13, 2019

Tracked Since Feb 18, 2026