CVE-2014-7203 — Missing Cryptographic Step in Zeromq

CWE-325 — Missing Cryptographic Step CWE-323 — Reusing a Nonce, Key Pair in Encryption6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 31.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Zeromq3 Zeromq

Timeline

PublishedOct 8

Latest updateMay 17

Description

libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/zeromq3< zeromq3 4.0.5+dfsg-1 (bookworm)

▶NVDzeromq/zeromq5 versions+4

🔴Vulnerability Details

GHSA

GHSA-56m5-7cj8-j73q: libzmq (aka ZeroMQ/C++) 4↗2022-05-17

▶

OSV

CVE-2014-7203: libzmq (aka ZeroMQ/C++) 4↗2014-10-08

▶

📋Vendor Advisories

Red Hat

zeromq: CurveZMQ does not mandate replay attack detection↗2014-09-20

▶

Debian

CVE-2014-7203: zeromq3 - libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are uniqu...↗2014

▶

💬Community

Bugzilla

CVE-2014-7203 zeromq: CurveZMQ does not mandate replay attack detection↗2014-09-29

▶