Remote Downgrade Vulnerability in libzmq Products by ZeroMQ
CVE-2014-9721
Currently unrated
What is CVE-2014-9721?
libzmq versions prior to 4.0.6, and 4.1.x versions prior to 4.1.1, contain a flaw that lets threat actors carry out downgrade attacks. By sending a ZMTP v2 or earlier header, an attacker can bypass the security mechanisms of the ZMTP v3 protocol. This poses a significant risk because it allows attackers to manipulate the communication between systems, potentially leading to unauthorized access or execution of malicious commands.
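The check that closes this kind of downgrade, as an added example that is not libzmq's code: classify the peer's greeting and refuse any pre-v3 peer when the local socket requires a security mechanism. The function names and sample bytes are constructed, and the greeting layout is assumed from the public ZMTP 2.0 and 3.0 specifications.

```python
# Added example (not libzmq code). Function names and sample bytes are constructed.
# Layout assumed from the ZMTP 2.0/3.0 specs: 10-byte signature (0xFF ... 0x7F),
# then a revision/major-version byte; v3 greetings are 64 bytes with a 20-byte
# NUL-padded mechanism name at offset 12.

def zmtp_major_version(greeting: bytes) -> int:
    """Return the ZMTP major version a peer's greeting announces."""
    if not greeting:
        raise ValueError("empty greeting")
    if greeting[0] != 0xFF:
        return 1                      # ZMTP 1.0: no signature, starts with a frame
    if len(greeting) < 11:
        raise ValueError("need 11 bytes to read the revision")
    if not greeting[9] & 0x01:
        return 1                      # 0xFF was a v1 frame length, not a signature
    revision = greeting[10]
    if revision == 0x00:
        return 1
    return 2 if revision < 3 else revision

def peer_mechanism(greeting: bytes):
    """Mechanism name from a complete v3 greeting, else None."""
    if len(greeting) < 64 or zmtp_major_version(greeting) < 3:
        return None
    return greeting[12:32].rstrip(b"\x00").decode("ascii", "replace")

def accept_peer(greeting: bytes, required_mechanism: str) -> bool:
    """Apply local policy: a secured socket never talks to a pre-v3 peer."""
    version = zmtp_major_version(greeting)
    if version < 3:
        # Pre-v3 greetings carry no security handshake at all.
        return required_mechanism == "NULL"
    return peer_mechanism(greeting) == required_mechanism

# Constructed sample greetings.
SIG = b"\xff" + b"\x00" * 8 + b"\x7f"
V3_CURVE = SIG + b"\x03\x00" + b"CURVE".ljust(20, b"\x00") + b"\x00" + b"\x00" * 31
V3_NULL = SIG + b"\x03\x00" + b"NULL".ljust(20, b"\x00") + b"\x00" + b"\x00" * 31
V2_PEER = SIG + b"\x01" + b"\x05" + b"\x00\x00"
V1_PEER = b"\x01\x00"

if __name__ == "__main__":
    for name, g in [("v3 CURVE", V3_CURVE), ("v3 NULL", V3_NULL),
                    ("v2", V2_PEER), ("v1", V1_PEER)]:
        print(name, "->", "accept" if accept_peer(g, "CURVE") else "reject")
```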
