Vulnerability in ZeroMQ/C++ Product Allowing Downgrade Attacks
CVE-2014-7202

Currently unrated

Key Information:

Vendor: ZeroMQ
Status: ZeroMQ
Vendor: CVE Published:; 8 October 2014

What is CVE-2014-7202?

A vulnerability exists in stream_engine.cpp of the ZeroMQ/C++ library version 4.0.5, which allows man-in-the-middle attackers to exploit crafted connection requests for conducting downgrade attacks. This security flaw could lead to unauthorized access and interception of sensitive data, highlighting the necessity for users to promptly update to versions that rectify this issue.

References

http://seclists.org/oss-sec/2014/q3/776

mailing-listx_refsource_MLIST

http://lists.opensuse.org/opensuse-updates/2014-11/msg000...

vendor-advisoryx_refsource_SUSE

https://exchange.xforce.ibmcloud.com/vulnerabilities/96241

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2014
Vulnerability Reserved
Sep 26, 2014

CVE-2014-7202 Data

JSON