Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zeromq
(Zeromq)Repositories | https://github.com/zeromq/zeromq4-x |
#Vulnerabilities | 4 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-05-28 | CVE-2021-20236 | A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Fedora, Ceph_storage, Enterprise_linux, Zeromq | 9.8 | ||
2015-06-03 | CVE-2014-9721 | libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | Zeromq | N/A | ||
2014-10-08 | CVE-2014-7203 | libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. | Zeromq | N/A | ||
2014-10-08 | CVE-2014-7202 | stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. | Zeromq | N/A |