CVE-2014-7202 — Zeromq vulnerability

6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 31.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Zeromq3 Zeromq

Timeline

PublishedOct 8

Latest updateMay 17

Description

stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/zeromq3< zeromq3 4.0.5+dfsg-1 (bookworm)

▶NVDzeromq/zeromq4.0.0, 4.0.4+1

🔴Vulnerability Details

GHSA

GHSA-4jwc-wmvr-fwp2: stream_engine↗2022-05-17

▶

OSV

CVE-2014-7202: stream_engine↗2014-10-08

▶

📋Vendor Advisories

Red Hat

zeromq: stream engine security can be downgraded by client.↗2014-09-20

▶

Debian

CVE-2014-7202: zeromq3 - stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-t...↗2014

▶

💬Community

Bugzilla

CVE-2014-7202 zeromq: stream engine security can be downgraded by client.↗2014-09-29

▶