CVE-2020-15166 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Denial of service
Description	A denial of service has been found in libzmq before 4.3.3, allowing unauthenticated clients to prevent legitimate clients from exchange any message with a CURVE/ZAP-protected server.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1220	lib32-zeromq	4.3.2-1	4.3.3-1	High	Fixed
AVG-1219	zeromq	4.3.2-3	4.3.3-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
26 Sep 2020	ASA-202009-16	AVG-1219	zeromq	High	denial of service
26 Sep 2020	ASA-202009-15	AVG-1220	lib32-zeromq	High	denial of service

References
https://github.com/zeromq/libzmq/pull/3913/commits/e7f0090b161ce6344f6bd35009816a925c070b09 https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m https://oss-fuzz.com/testcase-detail/5707174518194176

References

https://github.com/zeromq/libzmq/pull/3913/commits/e7f0090b161ce6344f6bd35009816a925c070b09
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
https://oss-fuzz.com/testcase-detail/5707174518194176