libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3" }, { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3-dbg" }, { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3-dbgsym" }, { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3-dev" }, { "binary_version": "4.0.4+dfsg-2ubuntu0.1", "binary_name": "libzmq3-dev-dbgsym" } ] }