CVE-2014-9721 — Improper Input Validation in Zeromq3

CWE-20 — Improper Input Validation6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 30.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Zeromq3 Zeromq

Timeline

PublishedJun 3

Latest updateMay 17

Description

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/zeromq3< zeromq3 4.0.5+dfsg-3 (bookworm)

▶NVDzeromq/zeromq4.0.5+1

🔴Vulnerability Details

GHSA

GHSA-cx82-pq93-6p39: libzmq before 4↗2022-05-17

▶

OSV

CVE-2014-9721: libzmq before 4↗2015-06-03

▶

📋Vendor Advisories

Red Hat

zeromq: protocol downgrade attack on sockets using the ZMTP v3 protocol↗2014-12-04

▶

Debian

CVE-2014-9721: zeromq3 - libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct do...↗2014

▶

💬Community

Bugzilla

CVE-2014-9721 zeromq: protocol downgrade attack on sockets using the ZMTP v3 protocol↗2015-05-14

▶