{"id":"CVE-2021-20237","details":"An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. When CURVE/ZAP authentication is disabled on the server, this flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory, causing a denial of service. The highest threat from this vulnerability is to system availability.","modified":"2026-03-13T00:45:13.275017Z","published":"2021-05-28T11:15:07.970Z","related":["GHSA-4p5v-h92w-6wxw"],"references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1921989"},{"type":"FIX","url":"https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zeromq/libzmq","events":[{"introduced":"097bf26e8dacf73abc2a6cdd6f9e4dce824b8208"},{"fixed":"04f5bbedee58c538934374dc45182d8fc5926fa3"}],"database_specific":{"versions":[{"introduced":"4.2.0"},{"fixed":"4.3.3"}]}}],"versions":["v4.2.0","v4.2.1","v4.2.2","v4.2.3","v4.2.4","v4.2.5","v4.3.0","v4.3.1","v4.3.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20237.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}