OESA-2024-1133

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1133
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1133.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1133
Upstream
Published
2024-02-08T11:06:55Z
Modified
2025-08-12T05:05:23.869840Z
Summary
zeromq security update
Details

ZeroMQ (also spelled ØMQ, 0MQ or ZMQ) is a high-performance asynchronous messaging library, aimed at use in distributed or concurrent applications. It provides a message queue, but unlike message-oriented middleware, a ZeroMQ system can run without a dedicated message broker. The library's API is designed to resemble Berkeley sockets.

Security Fix(es):

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. (CVE-2020-15166)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / zeromq

Package

Name
zeromq
Purl
pkg:rpm/openEuler/zeromq&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.3.4-1.oe2003sp4

Ecosystem specific

{
    "x86_64": [
        "zeromq-4.3.4-1.oe2003sp4.x86_64.rpm",
        "zeromq-help-4.3.4-1.oe2003sp4.x86_64.rpm",
        "zeromq-debugsource-4.3.4-1.oe2003sp4.x86_64.rpm",
        "zeromq-devel-4.3.4-1.oe2003sp4.x86_64.rpm",
        "cppzmq-devel-4.3.4-1.oe2003sp4.x86_64.rpm",
        "zeromq-debuginfo-4.3.4-1.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "zeromq-4.3.4-1.oe2003sp4.src.rpm"
    ],
    "aarch64": [
        "cppzmq-devel-4.3.4-1.oe2003sp4.aarch64.rpm",
        "zeromq-debuginfo-4.3.4-1.oe2003sp4.aarch64.rpm",
        "zeromq-debugsource-4.3.4-1.oe2003sp4.aarch64.rpm",
        "zeromq-devel-4.3.4-1.oe2003sp4.aarch64.rpm",
        "zeromq-4.3.4-1.oe2003sp4.aarch64.rpm",
        "zeromq-help-4.3.4-1.oe2003sp4.aarch64.rpm"
    ]
}