Has vulnerability "CVE-2020-36400" been fixed?
kongshuiJ opened this issue · comments
Has vulnerability "CVE-2020-36400" been fixed?
I couldn't find a report on fixing it.
CVE-2020-36400:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36400
The commit that fixed it is literally linked in the mitre.org report you linked
Well, this is timely. I've just been asked to identify any known security vulnerabilities against libzmq for my day job. That led me here, and the mitre link is certainly helpful.
However, kong(?) has a point -- searching the repo for "CVE" (https://github.com/search?q=repo%3Azeromq%2Flibzmq+CVE&type=code) doesn't return much, and most of that is rather old.
So, a couple of questions if you would:
- Is the mitre list (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libzmq) complete? If not, is there a better source?
- Is it reasonable to assume that if a CVE in the list does not have a commit listed against it, that it is not fixed?
Thanks for any addl. information you can provide.
Hi @bluca
Thank you very much for your reply.
My main purpose is to fully confirm that the vulnerability has been resolved, as vulnerabilities like "CVE-2020-15166" can be searched for keywords in the repository, but I did not find any useful information for "CVE-2020-36400".