JLSEC-2026-513

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-513.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-513.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-513
Upstream
  • EUVD-2020-7240
Published
2026-05-20T04:02:19.667Z
Modified
2026-05-20T04:15:03.603167934Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.

Database specific 
{
    "sources": [
        {
            "id": "CVE-2020-15166",
            "database_specific": {
                "status": "Modified"
            },
            "imported": "2026-05-20T01:02:00.794Z",
            "modified": "2024-11-21T05:04:59.230Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-15166",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15166",
            "published": "2020-09-11T16:15:12.177Z"
        },
        {
            "id": "EUVD-2020-7240",
            "modified": "2024-08-04T13:08:22Z",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2020-7240",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-7240",
            "imported": "2026-05-20T01:02:02.191Z",
            "published": "2020-09-11T15:35:14Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / ZeroMQ_jll

Package

Name
ZeroMQ_jll
Purl
pkg:julia/ZeroMQ_jll?uuid=8f1865be-045e-5c20-9c9f-bfbfb0764568

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.4+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-513.json"