CVE-2019-13132

9.8 CRITICAL

📋 TL;DR

A remote buffer overflow vulnerability in ZeroMQ's libzmq library allows unauthenticated attackers to execute arbitrary code on servers using CURVE encryption. This affects public-facing ZeroMQ applications with CURVE authentication enabled. The vulnerability has a CVSS score of 9.8, indicating critical severity.

💻 Affected Systems

Products:
  • ZeroMQ libzmq
Versions: libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2
Operating Systems: All platforms running vulnerable libzmq versions
Default Config Vulnerable: ✅ No
Notes: Only affects configurations with CURVE encryption/authentication enabled on listening sockets. Default configurations without CURVE are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Remote code execution allowing attackers to take control of vulnerable ZeroMQ servers and potentially pivot to other systems.

🟢 If Mitigated

Limited impact if servers are not internet-facing and have strict network segmentation, though internal exploitation remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires connecting to a vulnerable ZeroMQ server with CURVE enabled. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libzmq 4.0.9, 4.1.7, or 4.3.2

Vendor Advisory: https://github.com/zeromq/libzmq/issues/3558

Restart Required: Yes

Instructions:

1. Identify affected ZeroMQ installations.
2. Upgrade to libzmq 4.0.9, 4.1.7, or 4.3.2 or later.
3. Restart all ZeroMQ applications and services.
4. Verify the patch is applied correctly.

🔧 Temporary Workarounds

Disable CURVE authentication (platform: all)

Temporarily disable CURVE encryption/authentication on ZeroMQ sockets if it is not required for functionality.

Modify the ZeroMQ application configuration to use PLAIN or NULL authentication instead of CURVE. Note that PLAIN and NULL provide no transport encryption, so this is only appropriate where the network path is otherwise trusted.

Network isolation (platform: linux)

Restrict network access to ZeroMQ servers using firewalls or network segmentation. The ACCEPT rule for trusted sources must precede the DROP rule:

iptables -A INPUT -p tcp --dport [ZEROMQ_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [ZEROMQ_PORT] -j DROP

🧯 If You Can't Patch

  • Disable CURVE authentication on all ZeroMQ sockets and use alternative authentication methods
  • Implement strict network controls to limit access to ZeroMQ servers only from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check the installed libzmq version and review the application configuration to see whether CURVE is enabled on any listening (bound) socket, for example via the ZMQ_CURVE_SERVER socket option.

Check Version:

On Linux: dpkg -l | grep libzmq or rpm -qa | grep zeromq
On Windows: check installed programs, or call zmq_version() from application code.

Verify Fix Applied:

Confirm the libzmq version is at or above the fixed release for its branch (4.0.9, 4.1.7, or 4.3.2) using zmq_version() or a package manager query.
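The version check described above, as an added example that is not part of the original advisory: it parses dpkg -l / rpm -qa style output (the sample lines below are constructed) and classifies each libzmq/zeromq package against the three fixed releases named in the advisory, applying the stated ranges literally.

```python
"""Triage libzmq package versions against the CVE-2019-13132 fix releases."""
import re

# Constructed sample lines in dpkg -l and rpm -qa output formats (not real host data).
SAMPLE_LINES = [
    "ii  libzmq5:amd64       4.3.1-4ubuntu1   amd64  lightweight messaging kernel (shared library)",
    "ii  libzmq3-dev:amd64   4.3.2-2          amd64  lightweight messaging kernel (development files)",
    "zeromq-4.1.4-6.el7.x86_64",
    "ii  libssl1.1:amd64     1.1.1f-1ubuntu2  amd64  Secure Sockets Layer toolkit",
]


def parse_version(text):
    """Return (major, minor, patch) from a package version such as '4.3.1-4ubuntu1'
    or '1:4.2.5-1'; an optional Debian epoch and any distro suffix are ignored."""
    m = re.match(r"(?:\d+:)?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """Apply the advisory's ranges: before 4.0.9, 4.1.x before 4.1.7,
    and 4.2.x / 4.3.x before 4.3.2 are vulnerable."""
    major, minor, _ = version
    if major != 4:
        return major < 4          # older majors fall under "before 4.0.9"
    if minor == 0:
        return version < (4, 0, 9)
    if minor == 1:
        return version < (4, 1, 7)
    return version < (4, 3, 2)    # covers 4.2.x and 4.3.0 / 4.3.1


def scan_package_lines(lines):
    """Walk package-manager output and return (package, version, status) for
    every libzmq/zeromq package found; unrelated packages are skipped."""
    results = []
    for line in lines:
        line = line.strip()
        dpkg = re.match(r"^ii\s+(\S*(?:libzmq|zeromq)\S*)\s+(\S+)", line)
        rpm = re.match(r"^((?:libzmq|zeromq)[\w-]*?)-(\d+\.\d+\.\d+\S*)$", line)
        m = dpkg or rpm
        if not m:
            continue
        name, ver = m.group(1), m.group(2)
        status = "VULNERABLE" if is_vulnerable(parse_version(ver)) else "FIXED"
        results.append((name, ver, status))
    return results


if __name__ == "__main__":
    for name, ver, status in scan_package_lines(SAMPLE_LINES):
        print(f"{status:10} {name} {ver}")
```

Pipe real dpkg -l or rpm -qa output into scan_package_lines() to triage a host; a FIXED result only means the library is patched, so CURVE-enabled sockets on VULNERABLE hosts still need the upgrade.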

📡 Detection & Monitoring

Log Indicators:

  • Unexpected connection attempts to ZeroMQ ports
  • Crash logs from ZeroMQ applications
  • Stack trace errors indicating buffer overflow

Network Indicators:

  • Unusual traffic patterns to ZeroMQ ports from untrusted sources
  • Exploit attempt patterns in network traffic

SIEM Query:

(source="*zeromq*" OR process="*zmq*") AND (event_type="crash" OR message="*overflow*" OR message="*segfault*")

🔗 References