Description
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to
conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms
via a ZMTP v2 or earlier header.
Ubuntu-Description
It was discovered that ZeroMQ mishandled certain input. A remote,
unauthenticated attacker could use this vulnerability to bypass ZeroMQs
security mechanisms.
Package
Upstream: | released
(4.0.5+dfsg-3)
|
Ubuntu 18.04 LTS (Bionic Beaver): | not-affected
(4.0.5+dfsg-3)
|
Ubuntu 14.04 ESM (Trusty Tahr): | released
(4.0.4+dfsg-2ubuntu0.1)
|
Ubuntu 20.04 FIPS Compliant (Focal Fossa): | not-affected
(4.0.5+dfsg-3)
|
Patches:
Updated: 2022-02-11 00:52:37 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)