7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.011 Low
EPSS
Percentile
84.7%
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability.
Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are
impacted. If a raw TCP socket is opened and connected to an endpoint that
is fully configured with CURVE/ZAP, legitimate clients will not be able to
exchange any message. Handshakes complete successfully, and messages are
delivered to the library, but the server application never receives them.
This is patched in version 4.3.3.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | zeromq3 | < 4.2.5-1ubuntu0.2+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | zeromq3 | < 4.3.2-2ubuntu1.20.04.1~esm1 | UNKNOWN |
ubuntu | 14.04 | noarch | zeromq3 | < 4.0.4+dfsg-2ubuntu0.1+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | zeromq3 | < 4.1.4-7ubuntu0.1+esm1 | UNKNOWN |
github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09
github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
launchpad.net/bugs/cve/CVE-2020-15166
nvd.nist.gov/vuln/detail/CVE-2020-15166
security-tracker.debian.org/tracker/CVE-2020-15166
ubuntu.com/security/notices/USN-4920-1
www.cve.org/CVERecord?id=CVE-2020-15166
www.openwall.com/lists/oss-security/2020/09/07/3
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.011 Low
EPSS
Percentile
84.7%