An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ’s src/xpub.cpp in versions before 4.3.3. This flaw allows a remote unauthenticated attacker to send crafted PUB messages that consume excessive memory if the CURVE/ZAP authentication is disabled on the server, causing a denial of service. The highest threat from this vulnerability is to system availability.
[
{
"product": "zeromq",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "zeromq 4.3.3"
}
]
}
]