Vulnerabilities > Zeromq

DATE CVE VULNERABILITY TITLE RISK
2021-07-01 CVE-2020-36400 Out-of-bounds Write vulnerability in Zeromq Libzmq 4.3.3
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.
network
low complexity
zeromq CWE-787
7.5
7.5
2021-05-28 CVE-2021-20236 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the ZeroMQ server in versions before 4.3.3.
network
low complexity
zeromq redhat fedoraproject CWE-787
critical
 9.8
9.8
2021-05-28 CVE-2021-20237 Memory Leak vulnerability in Zeromq Libzmq
An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versions before 4.3.3.
network
zeromq CWE-401
4.3
4.3
2021-04-01 CVE-2021-20235 Out-of-bounds Write vulnerability in Zeromq Libzmq
There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp.
network
high complexity
zeromq CWE-787
8.1
8.1
2021-04-01 CVE-2021-20234 Memory Leak vulnerability in Zeromq Libzmq
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp.
network
zeromq CWE-401
4.3
4.3
2020-09-11 CVE-2020-15166 Resource Exhaustion vulnerability in multiple products
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability.
network
low complexity
zeromq fedoraproject debian CWE-400
7.5
7.5
2019-07-10 CVE-2019-13132 Out-of-bounds Write vulnerability in multiple products
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library.
network
low complexity
zeromq debian canonical fedoraproject CWE-787
critical
 9.8
9.8
2019-01-13 CVE-2019-6250 Integer Overflow or Wraparound vulnerability in multiple products
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1.
network
low complexity
zeromq debian CWE-190
critical
 9.0
9.0
2015-06-03 CVE-2014-9721 Improper Input Validation vulnerability in Zeromq
libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
network
zeromq CWE-20
4.3
4.3
2014-10-08 CVE-2014-7203 Security Bypass vulnerability in ZeroMQ
libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
network
zeromq
4.3
4.3