Search CVE reports
1 – 4 of 4 results
CVE-2022-4899
Low priorityA vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
1 affected package
libzstd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libzstd | Not affected | Vulnerable | Not affected | Not affected | Not affected |
CVE-2021-24032
Medium priorityBeginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output...
1 affected package
libzstd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libzstd | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2021-24031
Medium priorityIn the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be...
1 affected package
libzstd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libzstd | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2019-11922
Medium priorityA race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
1 affected package
libzstd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libzstd | — | Not affected | Not affected | Fixed | Fixed |