rpm package
opensuse/zeromq&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/zeromq&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15166 | — | < 4.3.4-2.2 | 4.3.4-2.2 | Sep 11, 2020 | In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients | ||
| CVE-2019-13132 | — | < 4.3.4-2.2 | 4.3.4-2.2 | Jul 10, 2019 | In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with ar | ||
| CVE-2019-6250 | — | < 4.3.4-2.2 | 4.3.4-2.2 | Jan 13, 2019 | A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffe | ||
| CVE-2014-9721 | — | < 4.2.0-1.1 | 4.2.0-1.1 | Jun 3, 2015 | libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | ||
| CVE-2014-7203 | — | < 4.2.0-1.1 | 4.2.0-1.1 | Oct 8, 2014 | libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. | ||
| CVE-2014-7202 | — | < 4.2.0-1.1 | 4.2.0-1.1 | Oct 8, 2014 | stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. |
- CVE-2020-15166Sep 11, 2020affected < 4.3.4-2.2fixed 4.3.4-2.2
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients
- CVE-2019-13132Jul 10, 2019affected < 4.3.4-2.2fixed 4.3.4-2.2
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with ar
- CVE-2019-6250Jan 13, 2019affected < 4.3.4-2.2fixed 4.3.4-2.2
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffe
- CVE-2014-9721Jun 3, 2015affected < 4.2.0-1.1fixed 4.2.0-1.1
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
- CVE-2014-7203Oct 8, 2014affected < 4.2.0-1.1fixed 4.2.0-1.1
libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
- CVE-2014-7202Oct 8, 2014affected < 4.2.0-1.1fixed 4.2.0-1.1
stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.