libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libzmq3-dev": "4.0.4+dfsg-2ubuntu0.1", "libzmq3-dbgsym": "4.0.4+dfsg-2ubuntu0.1", "libzmq3-dev-dbgsym": "4.0.4+dfsg-2ubuntu0.1", "libzmq3": "4.0.4+dfsg-2ubuntu0.1", "libzmq3-dbg": "4.0.4+dfsg-2ubuntu0.1" } ] }