CVE Tools

zeromq

OSS Librariesoss-project

2

Cumulative CVEs

1

Monthly snapshots

#129

Peak rank

Top products

Latest CVEs

The 11 most recently published vulnerabilities affecting zeromq.

CVE-2020-36400ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.9.8Jul 1, 2021
CVE-2021-20237An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages ...7.5May 28, 2021
CVE-2021-20236A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and...9.8May 28, 2021
CVE-2021-20235There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is ...8.1Apr 1, 2021
CVE-2021-20234An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or co...6.5Apr 1, 2021
CVE-2020-15166Denial of Service in ZeroMQ7.5Sep 11, 2020
CVE-2019-13132In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption...9.8Jul 10, 2019
CVE-2019-6250A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authentica...8.8Jan 13, 2019
CVE-2014-9721libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.4.3Jun 3, 2015
CVE-2014-7202stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.4.3Oct 8, 2014
CVE-2014-7203libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.4.3Oct 8, 2014