CVE-2014-9721

Publication date 3 June 2015

Last updated 24 July 2024


Ubuntu priority

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.

From the Ubuntu Security Team

It was discovered that ZeroMQ mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to bypass ZeroMQs security mechanisms.

Status

Package Ubuntu Release Status
zeromq3 18.04 LTS bionic
Not affected
17.10 artful
Not affected
17.04 zesty
Not affected
16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
15.10 wily
Not affected
15.04 vivid
Fixed 4.0.5+dfsg-2+deb8u1build0.15.04.1
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 4.0.4+dfsg-2ubuntu0.1
12.04 LTS precise Not in release