generic-library/libzmq
1
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2024-12-13 02:42:58 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3360 from bluca/cve

Browse Source 
Problem: NEWS for 4.3.1 does not mention CVE number
This commit is contained in:
Constantin Rack 2019-01-14 11:02:02 +01:00 committed by GitHub
commit e21988d02b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
NEWS
View File

@ -4,8 +4,9 @@
0MQ version 4.3.1 stable, released on 2019/01/12
================================================
* A vulnerability has been found that would allow attackers to direct a peer to
jump to and execute from an address indicated by the attacker.
* CVE-2019-6250: A vulnerability has been found that would allow attackers to
direct a peer to jump to and execute from an address indicated by the
attacker.
This issue has been present since v4.2.0. Older releases are not affected.
NOTE: The attacker needs to know in advance valid addresses in the peer's
memory to jump to, so measures like ASLR are effective mitigations.