Search criteria
12 vulnerabilities found for zeromq by zeromq
FKIE_CVE-2021-20236
Vulnerability from fkie_nvd - Published: 2021-05-28 11:15 - Updated: 2024-11-21 05:46
Severity ?
Summary
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1921976 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1921976 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zeromq | zeromq | * | |
| redhat | ceph_storage | 2.0 | |
| redhat | enterprise_linux | 7.0 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zeromq:zeromq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD0413A2-9EC5-49F3-ACE6-3E5922F67FB1",
"versionEndExcluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D07DF15E-FE6B-4DAF-99BB-2147CF7D7EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en el servidor ZeroMQ en versiones anteriores a 4.3.3.\u0026#xa0;Este fallo permite a un cliente malicioso causar un desbordamiento del b\u00fafer de pila en el servidor mediante el env\u00edo de peticiones de suscripci\u00f3n de temas dise\u00f1adas y luego cancelando la suscripci\u00f3n.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema"
}
],
"id": "CVE-2021-20236",
"lastModified": "2024-11-21T05:46:11.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-28T11:15:07.933",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9721
Vulnerability from fkie_nvd - Published: 2015-06-03 20:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zeromq:zeromq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E17E08A-D580-4A02-987C-93521C53B1C7",
"versionEndIncluding": "4.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeromq:zeromq:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "15DEF7F8-2682-485F-AE06-43DBA353EF05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header."
},
{
"lang": "es",
"value": "ibzmq en versiones anteriores a 4.0.6 y 4.1.x en versiones anteriores a 4.1.1 permite a atacantes remotos llevar a cabo ataques de degradado y eludir mecanismos de protocolos de seguridad ZMTP v3 a trav\u00e9s de una cabecera ZMTP v2 o versiones anteriores."
}
],
"id": "CVE-2014-9721",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-03T20:59:00.090",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3255"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/zeromq/libzmq/issues/1273"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zeromq/libzmq/issues/1273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7203
Vulnerability from fkie_nvd - Published: 2014-10-08 19:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zeromq:zeromq:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B44ECF76-AB8E-4F9F-8776-F02C45200986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeromq:zeromq:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "312F64B2-A5CA-459B-8DD1-8CD21135079F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeromq:zeromq:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F998AB-AD48-4F8A-858E-CCB3AC268A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeromq:zeromq:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06C936DC-EA65-4A6F-9054-548B4BD9377B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeromq:zeromq:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34AFFDBE-A57D-4718-B5E4-65F8E8AC3A90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors."
},
{
"lang": "es",
"value": "libzmq (tambi\u00e9n conocido como ZeroMQ/C++) 4.0.x anterior a 4.0.5 no asegura que los caracteres de un solo uso sean \u00fanicos, lo que permite a atacantes man-in-the-middle realizar ataques de reproducci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-7203",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-08T19:55:04.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62262"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/70157"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/zeromq/libzmq/issues/1191"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/zeromq/libzmq/pull/1189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zeromq/libzmq/issues/1191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zeromq/libzmq/pull/1189"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-7202
Vulnerability from fkie_nvd - Published: 2014-10-08 19:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zeromq:zeromq:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B44ECF76-AB8E-4F9F-8776-F02C45200986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeromq:zeromq:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34AFFDBE-A57D-4718-B5E4-65F8E8AC3A90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request."
},
{
"lang": "es",
"value": "stream_engine.cpp en libzmq (tambi\u00e9n conocido como ZeroMQ/C++)) 4.0.5 anterior a 4.0.5 permite a atacantes man-in-the-middle realizar ataques de degradaci\u00f3n a trav\u00e9s de una solicitud de conexi\u00f3n manipulada."
}
],
"id": "CVE-2014-7202",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-08T19:55:04.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62262"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/70157"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96241"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/zeromq/libzmq/issues/1190"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/zeromq/libzmq/pull/1188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zeromq/libzmq/issues/1190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zeromq/libzmq/pull/1188"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-20236 (GCVE-0-2021-20236)
Vulnerability from cvelistv5 – Published: 2021-05-28 10:42 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity ?
No CVSS data available.
CWE
- CWE-120 - >CWE-787
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zeromq",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "zeromq 4.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120-\u003eCWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-28T10:42:19",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zeromq",
"version": {
"version_data": [
{
"version_value": "zeromq 4.3.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120-\u003eCWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976"
},
{
"name": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8",
"refsource": "MISC",
"url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20236",
"datePublished": "2021-05-28T10:42:19",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9721 (GCVE-0-2014-9721)
Vulnerability from cvelistv5 – Published: 2015-06-03 20:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51"
},
{
"name": "DSA-3255",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3255"
},
{
"name": "FEDORA-2015-8635",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html"
},
{
"name": "openSUSE-SU-2015:1028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/issues/1273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51"
},
{
"name": "DSA-3255",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3255"
},
{
"name": "FEDORA-2015-8635",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html"
},
{
"name": "openSUSE-SU-2015:1028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/issues/1273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51"
},
{
"name": "DSA-3255",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3255"
},
{
"name": "FEDORA-2015-8635",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html"
},
{
"name": "openSUSE-SU-2015:1028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html"
},
{
"name": "https://github.com/zeromq/libzmq/issues/1273",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/issues/1273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9721",
"datePublished": "2015-06-03T20:00:00",
"dateReserved": "2015-05-21T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7202 (GCVE-0-2014-7202)
Vulnerability from cvelistv5 – Published: 2014-10-08 19:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"name": "zeromq-handshake-sec-bypass(96241)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/pull/1188"
},
{
"name": "openSUSE-SU-2014:1493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/issues/1190"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"name": "62262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"name": "zeromq-handshake-sec-bypass(96241)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/pull/1188"
},
{
"name": "openSUSE-SU-2014:1493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/issues/1190"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"name": "62262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"name": "zeromq-handshake-sec-bypass(96241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96241"
},
{
"name": "https://github.com/zeromq/libzmq/pull/1188",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/pull/1188"
},
{
"name": "openSUSE-SU-2014:1493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70157"
},
{
"name": "https://github.com/zeromq/libzmq/issues/1190",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/issues/1190"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"name": "62262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7202",
"datePublished": "2014-10-08T19:00:00",
"dateReserved": "2014-09-26T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7203 (GCVE-0-2014-7203)
Vulnerability from cvelistv5 – Published: 2014-10-08 19:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/pull/1189"
},
{
"name": "openSUSE-SU-2014:1493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70157"
},
{
"name": "zeromq-connection-nonces-replay(96242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/issues/1191"
},
{
"name": "62262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/pull/1189"
},
{
"name": "openSUSE-SU-2014:1493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70157"
},
{
"name": "zeromq-connection-nonces-replay(96242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/issues/1191"
},
{
"name": "62262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"name": "https://github.com/zeromq/libzmq/pull/1189",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/pull/1189"
},
{
"name": "openSUSE-SU-2014:1493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70157"
},
{
"name": "zeromq-connection-nonces-replay(96242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"name": "https://github.com/zeromq/libzmq/issues/1191",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/issues/1191"
},
{
"name": "62262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7203",
"datePublished": "2014-10-08T19:00:00",
"dateReserved": "2014-09-26T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20236 (GCVE-0-2021-20236)
Vulnerability from nvd – Published: 2021-05-28 10:42 – Updated: 2024-08-03 17:37
VLAI?
Summary
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity ?
No CVSS data available.
CWE
- CWE-120 - >CWE-787
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zeromq",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "zeromq 4.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120-\u003eCWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-28T10:42:19",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zeromq",
"version": {
"version_data": [
{
"version_value": "zeromq 4.3.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120-\u003eCWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921976"
},
{
"name": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8",
"refsource": "MISC",
"url": "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20236",
"datePublished": "2021-05-28T10:42:19",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9721 (GCVE-0-2014-9721)
Vulnerability from nvd – Published: 2015-06-03 20:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51"
},
{
"name": "DSA-3255",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3255"
},
{
"name": "FEDORA-2015-8635",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html"
},
{
"name": "openSUSE-SU-2015:1028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/issues/1273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51"
},
{
"name": "DSA-3255",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3255"
},
{
"name": "FEDORA-2015-8635",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html"
},
{
"name": "openSUSE-SU-2015:1028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/issues/1273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51"
},
{
"name": "DSA-3255",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3255"
},
{
"name": "FEDORA-2015-8635",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159176.html"
},
{
"name": "openSUSE-SU-2015:1028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00018.html"
},
{
"name": "https://github.com/zeromq/libzmq/issues/1273",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/issues/1273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9721",
"datePublished": "2015-06-03T20:00:00",
"dateReserved": "2015-05-21T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7202 (GCVE-0-2014-7202)
Vulnerability from nvd – Published: 2014-10-08 19:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"name": "zeromq-handshake-sec-bypass(96241)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/pull/1188"
},
{
"name": "openSUSE-SU-2014:1493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/issues/1190"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"name": "62262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"name": "zeromq-handshake-sec-bypass(96241)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/pull/1188"
},
{
"name": "openSUSE-SU-2014:1493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/issues/1190"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"name": "62262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"name": "zeromq-handshake-sec-bypass(96241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96241"
},
{
"name": "https://github.com/zeromq/libzmq/pull/1188",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/pull/1188"
},
{
"name": "openSUSE-SU-2014:1493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70157"
},
{
"name": "https://github.com/zeromq/libzmq/issues/1190",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/issues/1190"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"name": "62262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7202",
"datePublished": "2014-10-08T19:00:00",
"dateReserved": "2014-09-26T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7203 (GCVE-0-2014-7203)
Vulnerability from nvd – Published: 2014-10-08 19:00 – Updated: 2024-08-06 12:40
VLAI?
Summary
libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/pull/1189"
},
{
"name": "openSUSE-SU-2014:1493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70157"
},
{
"name": "zeromq-connection-nonces-replay(96242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeromq/libzmq/issues/1191"
},
{
"name": "62262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/pull/1189"
},
{
"name": "openSUSE-SU-2014:1493",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70157"
},
{
"name": "zeromq-connection-nonces-replay(96242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeromq/libzmq/issues/1191"
},
{
"name": "62262",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140927 Re: CVE request: zeromq",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/776"
},
{
"name": "openSUSE-SU-2014:1381",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html"
},
{
"name": "https://github.com/zeromq/libzmq/pull/1189",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/pull/1189"
},
{
"name": "openSUSE-SU-2014:1493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00101.html"
},
{
"name": "70157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70157"
},
{
"name": "zeromq-connection-nonces-replay(96242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96242"
},
{
"name": "[oss-security] 20140926 CVE request: zeromq",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/754"
},
{
"name": "https://github.com/zeromq/libzmq/issues/1191",
"refsource": "CONFIRM",
"url": "https://github.com/zeromq/libzmq/issues/1191"
},
{
"name": "62262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7203",
"datePublished": "2014-10-08T19:00:00",
"dateReserved": "2014-09-26T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}