CVE-2014-9721

Priority
Description
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to
conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms
via a ZMTP v2 or earlier header.
Ubuntu-Description
It was discovered that ZeroMQ mishandled certain input. A remote,
unauthenticated attacker could use this vulnerability to bypass ZeroMQs
security mechanisms.
Notes
Package
Upstream:released (4.0.5+dfsg-3)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.0.5+dfsg-3)
Ubuntu 14.04 ESM (Trusty Tahr):released (4.0.4+dfsg-2ubuntu0.1)
Ubuntu 20.04 FIPS Compliant (Focal Fossa):not-affected (4.0.5+dfsg-3)
Patches:
More Information

Updated: 2022-02-11 00:52:37 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)