DSA-4761-1 zeromq3 -- zeromq3ID: oval:org.secpod.oval:def:605008 | Date: (C)2020-09-08 (M)2023-11-13 |
Class: PATCH | Family: unix |
It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE encryption/authentication enabled can take advantage of this flaw to cause a denial of service affecting authenticated and encrypted clients.
Product: |
libzmq5 |
libzmq3-dev |