Non-Unique Nonces Vulnerability in ZeroMQ/C++ Affects Multiple Versions
CVE-2014-7203

Currently unrated

Key Information:

Vendor: ZeroMQ
Status: ZeroMQ
Vendor: CVE Published:; 8 October 2014

What is CVE-2014-7203?

The libzmq library, known as ZeroMQ or Zero Message Queue, prior to version 4.0.5 is susceptible to an exploitation flaw due to the lack of unique nonces. This vulnerability enables malicious actors to perform replay attacks, compromising the integrity of communication by intercepting and re-sending messages without authorization. The exploit arises from unspecified vectors, making it essential for organizations using affected versions to update their libraries promptly to protect against unauthorized access and potential data breaches.

References

http://seclists.org/oss-sec/2014/q3/776

mailing-listx_refsource_MLIST

http://lists.opensuse.org/opensuse-updates/2014-11/msg000...

vendor-advisoryx_refsource_SUSE

https://github.com/zeromq/libzmq/pull/1189

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2014
Vulnerability Reserved
Sep 26, 2014

CVE-2014-7203 Data

JSON