CVE-2014-7202

Published: 08 October 2014

stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.

From the Ubuntu security team

Matthew Hawn discovered that ZeroMQ did not properly validate the security handshake. A remote attacker could conduct a downgrade attack via a crafted connection request.

Priority

Medium

Status

Package Release Status
zeromq
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable

zeromq3
Upstream: Released (4.0.5+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (4.0.5+dfsg-2)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (4.0.5+dfsg-2)
Ubuntu 14.04 ESM (Trusty Tahr): Released (4.0.4+dfsg-2ubuntu0.1)