Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-15166

Опубликовано: 11 сент. 2020
Источник: ubuntu
Приоритет: medium
CVSS2: 5
CVSS3: 7.5

Описание

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

not-affected

4.3.3-4ubuntu1
esm-apps/bionic

released

4.2.5-1ubuntu0.2+esm1
esm-apps/focal

released

4.3.2-2ubuntu1.20.04.1~esm1
esm-apps/jammy

not-affected

4.3.3-4ubuntu1
esm-apps/noble

not-affected

4.3.3-4ubuntu1
esm-apps/xenial

released

4.1.4-7ubuntu0.1+esm1
esm-infra-legacy/trusty

released

4.0.4+dfsg-2ubuntu0.1+esm2
focal

ignored

end of standard support, was needed
groovy

ignored

end of life

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-15166

CVSS3: 7.5
redhat
больше 5 лет назад

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.

nvd логотип

CVE-2020-15166

CVSS3: 7.5
nvd
больше 5 лет назад

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.

debian логотип

CVE-2020-15166

CVSS3: 7.5
debian
больше 5 лет назад

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerabi ...

suse-cvrf логотип

openSUSE-SU-2020:1910-1

suse-cvrf
около 5 лет назад

Security update for zeromq

suse-cvrf логотип

openSUSE-SU-2020:1907-1

suse-cvrf
около 5 лет назад

Security update for zeromq

5 Medium

CVSS2

7.5 High

CVSS3