CVE-2014-9721

Priority
Description
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to
conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms
via a ZMTP v2 or earlier header.
Ubuntu-Description
It was discovered that ZeroMQ mishandled certain input. A remote,
unauthenticated attacker could use this vulnerability to bypass ZeroMQs
security mechanisms.
Notes
Package
Upstream:released (4.0.5+dfsg-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.0.4+dfsg-2ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.0.5+dfsg-3)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.0.5+dfsg-3)
More Information

Updated: 2020-09-10 04:31:15 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)