{"id":"CVE-2020-36400","details":"ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.","modified":"2026-04-11T13:53:14.435045Z","published":"2021-07-01T03:15:07.787Z","references":[{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml"},{"type":"FIX","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042"},{"type":"FIX","url":"https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zeromq/libzmq","events":[{"introduced":"0"},{"last_affected":"04f5bbedee58c538934374dc45182d8fc5926fa3"},{"fixed":"397ac80850bf8d010fae23dd215db0ee2c677306"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.3.3"}]}}],"versions":["v3.1.0","v4.2.0","v4.2.0-rc1","v4.2.1","v4.2.2","v4.2.3","v4.2.4","v4.2.5","v4.3.0","v4.3.1","v4.3.2","v4.3.3"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","digest":{"line_hashes":["126113845745360430300090460976483088041","119863922550594390560943282416311283014","269340178266113695268704476110307561434","141113841675974607008436660744748631403"],"threshold":0.9},"signature_type":"Line","source":"https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306","id":"CVE-2020-36400-b464be19","target":{"file":"src/decoder_allocators.hpp"}}],"vanir_signatures_modified":"2026-04-11T13:53:14Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36400.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}