FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6954a2b0-bda8-11eb-a04e-641c67a117d8libzmq4 -- Stack overflow

Fang-Pen Lin reports:

A remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.

Discovery 2019-06-27
Entry 2021-05-25
lt 4.3.2

10a6d0aa-0b1c-11e5-bb90-002590263bf5libzmq4 -- V3 protocol handler vulnerable to downgrade attacks

Pieter Hintjens reports:

It is easy to bypass the security mechanism in 4.1.0 and 4.0.5 by sending a ZMTP v2 or earlier header. The library accepts such connections without applying its security mechanism.

Discovery 2014-12-04
Entry 2015-06-10
Modified 2015-09-28
ge 4.0.0 lt 4.0.6

ge 4.1.0 lt 4.1.1

21ec4428-bdaa-11eb-a04e-641c67a117d8libzmq4 -- Denial of Service

Google's oss-fuzz project reports:

Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them.

Discovery 2020-09-07
Entry 2021-05-25
lt 4.3.3