zeromq: Man-in-the-middle downgrade and replay attack

2014-10-15T00:00:00
ID ASA-201410-4
Type archlinux
Reporter Arch Linux
Modified 2014-10-15T00:00:00

Description

  • CVE-2014-7202 (downgrade attack): A bug in stream_engine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.

  • CVE-2014-7203 (replay attack): libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
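
A receiver-side illustration of the nonce-uniqueness requirement behind CVE-2014-7203, added here as an example and not taken from libzmq. The class NonceGuard, its session names and the sample nonce sequence are hypothetical, and it assumes each session carries a 64-bit counter nonce under keys that are fresh per session.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Hypothetical guard (not libzmq code): within one session every message
// must carry a strictly larger counter nonce than the last accepted one.
class NonceGuard {
public:
    enum class Verdict { Accept, Replay, Exhausted };

    Verdict check(const std::string &session, std::uint64_t nonce) {
        auto it = last_seen_.find(session);
        if (it != last_seen_.end()) {
            // Counter space used up: the session must be re-keyed, never wrapped.
            if (it->second == UINT64_MAX) return Verdict::Exhausted;
            // Equal or smaller nonce: a repeated or reordered ciphertext.
            if (nonce <= it->second) return Verdict::Replay;
        }
        last_seen_[session] = nonce;  // record only after the checks pass
        return Verdict::Accept;
    }

    // Forgetting a session is safe only if a new session negotiates new keys;
    // with reused keys, old ciphertexts would be accepted again.
    void close(const std::string &session) { last_seen_.erase(session); }

private:
    std::map<std::string, std::uint64_t> last_seen_;
};

// Constructed sample: nonces as observed on one session, with two replays.
int count_rejected() {
    const std::vector<std::uint64_t> observed = {1, 2, 2, 5, 3, 6};
    NonceGuard guard;
    int rejected = 0;
    for (std::uint64_t n : observed)
        if (guard.check("peer-A", n) != NonceGuard::Verdict::Accept) ++rejected;
    return rejected;
}

int main() { return count_rejected() == 2 ? 0 : 1; }
```

In a real receiver the check belongs after the message has authenticated, so that a forged nonce cannot advance the counter.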