FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libzmq4 -- Denial of Service

Affected packages
libzmq4 < 4.3.3

Details

VuXML ID: 21ec4428-bdaa-11eb-a04e-641c67a117d8
Discovery: 2020-09-07
Entry: 2021-05-25

Google's oss-fuzz project reports:

Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them.

References

CVE Name: CVE-2020-15166
FreeBSD PR: ports/255102
URL: https://github.com/zeromq/libzmq/releases/tag/v4.3.3
URL: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m