UBUNTU-CVE-2020-15166
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2020-15166
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15166.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-15166
- Related
- Published
- 2020-09-11T16:15:00Z
- Modified
- 2020-09-11T16:15:00Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.
- References
-
- https://ubuntu.com/security/CVE-2020-15166
- https://www.openwall.com/lists/oss-security/2020/09/07/3
- https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
- https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09
- https://ubuntu.com/security/notices/USN-4920-1
- https://www.cve.org/CVERecord?id=CVE-2020-15166
Affected packages
Ubuntu:Pro:14.04:LTS / zeromq3
Package
- Name
- zeromq3
- Purl
- pkg:deb/ubuntu/zeromq3@4.0.4+dfsg-2ubuntu0.1+esm2?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.4+dfsg-2ubuntu0.1+esm2
Affected versions
3.*
3.2.3+dfsg-2
3.2.4+dfsg-1
3.2.4+dfsg-2
3.2.4+dfsg-3
3.2.4+dfsg-4
4.*
4.0.3+dfsg-1
4.0.4+dfsg-2
4.0.4+dfsg-2ubuntu0.1
4.0.4+dfsg-2ubuntu0.1+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"libzmq3-dev": "4.0.4+dfsg-2ubuntu0.1+esm2",
"libzmq3-dbgsym": "4.0.4+dfsg-2ubuntu0.1+esm2",
"libzmq3-dev-dbgsym": "4.0.4+dfsg-2ubuntu0.1+esm2",
"libzmq3": "4.0.4+dfsg-2ubuntu0.1+esm2",
"libzmq3-dbg": "4.0.4+dfsg-2ubuntu0.1+esm2"
}
]
}
Ubuntu:Pro:16.04:LTS / zeromq3
Package
- Name
- zeromq3
- Purl
- pkg:deb/ubuntu/zeromq3@4.1.4-7ubuntu0.1+esm1?arch=src?distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.4-7ubuntu0.1+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"libzmq3-dev": "4.1.4-7ubuntu0.1+esm1",
"libzmq5-dbg": "4.1.4-7ubuntu0.1+esm1",
"libzmq5-dbgsym": "4.1.4-7ubuntu0.1+esm1",
"libzmq3-dev-dbgsym": "4.1.4-7ubuntu0.1+esm1",
"libzmq5": "4.1.4-7ubuntu0.1+esm1"
}
]
}
Ubuntu:Pro:18.04:LTS / zeromq3
Package
- Name
- zeromq3
- Purl
- pkg:deb/ubuntu/zeromq3@4.2.5-1ubuntu0.2+esm1?arch=src?distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.2.5-1ubuntu0.2+esm1
Ubuntu:20.04:LTS / zeromq3
Package
- Name
- zeromq3