Your submission was sent successfully! Close

CVE-2014-7203

Published: 08 October 2014

libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.

From the Ubuntu security team

Matthew Hawn discovered that ZeroMQ did validate that connection nonces were unique. A remote attacker could use this vulnerability to conduct replay attacks.

Priority

Medium

Status

Package Release Status
zeromq
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

zeromq3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.0.5+dfsg-2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.0.5+dfsg-2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.0.4+dfsg-2ubuntu0.1)