zeromq: Denial-of-Service on CURVE/ZAP-protected servers (CVE-2020-15166)
If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them.
Affected Versions: zeromq <= 4.3.2
Fixed In Version: zeromq 4.3.3
- master (9c865ca6)