CVE-2021-20234
MEDIUMlibzmq < 4.3.3 - Memory Leak in Pipe Connection Handling
Title source: llmDescription
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.
References (2)
Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1921972
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
Scores
CVSS v3
6.5
EPSS
0.0107
EPSS Percentile
60.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
CWE-401
Status
published
Products (1)
zeromq/libzmq
< 4.3.3
Published
Apr 01, 2021
Tracked Since
Feb 18, 2026