Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zeromq libzmq vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-36400
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.
Zeromq Libzmq 4.3.3
9.8
CVSSv3
CVE-2019-13132
In ZeroMQ libzmq prior to 4.0.9, 4.1.x prior to 4.1.7, and 4.2.x prior to 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack w...
Zeromq Libzmq
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
8.8
CVSSv3
CVE-2019-6250
A pointer overflow, with code execution, exists in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x prior to 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated malicious user to overwrite an arbitrary amount of bytes beyond the bounds of a buffe...
Zeromq Libzmq
Debian Debian Linux 9.0
8.1
CVSSv3
CVE-2021-20235
There's a flaw in the zeromq server in versions prior to 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted requ...
Zeromq Libzmq
7.5
CVSSv3
CVE-2021-20237
An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions prior to 4.3.3. This flaw allows a remote unauthenticated malicious user to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disab...
Zeromq Libzmq
7.5
CVSSv3
CVE-2020-15166
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients...
Zeromq Libzmq
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2021-20234
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions prior to 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to syst...
Zeromq Libzmq
NA
CVE-2014-9721
libzmq prior to 4.0.6 and 4.1.x prior to 4.1.1 allows remote malicious users to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
Zeromq Zeromq
Zeromq Zeromq 4.1.0
NA
CVE-2014-7202
stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 prior to 4.0.5 allows man-in-the-middle malicious users to conduct downgrade attacks via a crafted connection request.
Zeromq Zeromq 4.0.0
Zeromq Zeromq 4.0.4
NA
CVE-2014-7203
libzmq (aka ZeroMQ/C++) 4.0.x prior to 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle malicious users to conduct replay attacks via unspecified vectors.
Zeromq Zeromq 4.0.2
Zeromq Zeromq 4.0.1
Zeromq Zeromq 4.0.4
Zeromq Zeromq 4.0.3
Zeromq Zeromq 4.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started