Lucene search
K

17 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Zeromq3

A uncontrolled resource consumption memory leak flaw was discovered in ZeroMQ’s src/xpub.cpp in versions prior to 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if CURVE/ZAP authentication is disabled on the server, resulting i...

7.5CVSS7.5AI score0.01694EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 4:2 a.m.10 views

JLSEC-2026-513

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...

7.5CVSS7.1AI score0.03408EPSS
Exploits0References7
OSV
OSV
added 2026/05/20 4:2 a.m.11 views

JLSEC-2026-515

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoderallocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server...

8.1CVSS7.6AI score0.43862EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-7240

Malware in sbrugna...

7.5CVSS7.6AI score0.03408EPSS
Exploits0References13
OSV
OSV
added 2024/02/08 11:6 a.m.5 views

OESA-2024-1133 zeromq security update

ZeroMQ also spelled ØMQ, 0MQ or ZMQ is a high-performance asynchronous messaging library, aimed at use in distributed or concurrent applications. It provides a message queue, but unlike message-oriented middleware, a ZeroMQ system can run without a dedicated message broker. The library's API is...

7.5CVSS6.8AI score0.03408EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.3 views

SUSE CVE-2020-15166

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...

7.5CVSS6.8AI score0.03408EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.3 views

SUSE CVE-2021-20237

An uncontrolled resource consumption memory leak flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a...

7.5CVSS7AI score0.01694EPSS
Exploits0References3
Mageia
Mageia
added 2020/09/15 12:55 p.m.39 views

Updated zeromq packages fix security vulnerability

If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them...

7.5CVSS7.6AI score0.03408EPSS
Exploits0References2
OSV
OSV
added 2020/09/15 12:55 p.m.7 views

MGASA-2020-0367 Updated zeromq packages fix security vulnerability

If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them...

7.5CVSS7.5AI score0.03408EPSS
Exploits0References3
OSV
OSV
added 2020/09/11 4:15 p.m.3 views

ALPINE-CVE-2020-15166

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...

7.5CVSS6.8AI score0.03408EPSS
Exploits0References1
OSV
OSV
added 2020/09/11 4:15 p.m.27 views

CVE-2020-15166

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...

7.5CVSS2.6AI score
Exploits0References7
UbuntuCve
UbuntuCve
added 2020/09/11 4:15 p.m.25 views

CVE-2020-15166

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...

7.5CVSS7.1AI score0.03408EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/09/11 3:35 p.m.30 views

CVE-2020-15166 Denial of Service in ZeroMQ

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...

7.5CVSS7.4AI score0.03408EPSS
Exploits0References7
CVE
CVE
added 2020/09/11 3:35 p.m.208 views

CVE-2020-15166

CVE-2020-15166 affects ZeroMQ (libzmq) up to 4.3.3. The vulnerability arises when a remote, unauthenticated client connects to a CURVE/ZAP-protected endpoint before the handshake completes, allowing a denial-of-service where legitimate clients cannot exchange messages, though handshakes complete....

7.5CVSS7.4AI score0.03408EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2020/09/11 3:35 p.m.30 views

CVE-2020-15166

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...

7.5CVSS7.3AI score0.03408EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/09/11 3:35 p.m.44 views

CVE-2020-15166

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able...

7.5CVSS7.5AI score0.03408EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/09/07 12:0 a.m.22 views

libzmq4 -- Denial of Service

Google's oss-fuzz project reports: Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete...

7.5CVSS7.7AI score0.03408EPSS
Exploits0References2
Rows per page
Query Builder