libzmq.so is vulnerable to denial of service (DoS). Connecting session’s peer pipe _pipe
before successful handshake does not guarantee the server to receive any message from a user with TCP public endpoint configured with CURVE/ZAP-protected.
github.com/zeromq/libzmq/commit/4dd504abebf3eb944d0554c36d490fb2bb742e4f
github.com/zeromq/libzmq/commit/afacdbeccf3598e2409c4be24ffc62067aa5b6f0
github.com/zeromq/libzmq/pull/3913
github.com/zeromq/libzmq/pull/3973
github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
lists.debian.org/debian-lts-announce/2020/11/msg00017.html
lists.fedoraproject.org/archives/list/[email protected]/message/BZ5IMNQXDB52JFBXHFLK4AHVORFELNNG/
lists.fedoraproject.org/archives/list/[email protected]/message/YFW2ZELCCPS4VLU4OSJOH5YL6KFKTFYW/
security.gentoo.org/glsa/202009-12