5.5

CVE-2021-24031

Exploit

EPSS 0.06%
Published 04.03.2021 21:15:12
Last modified 21.11.2024 05:52:14
Source cve-assign@fb.com
Teams watchlist Login
Open Login

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.

Affected products Warnungen 0 Metrics 3 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Facebook ≫ Zstandard Version < 1.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.197

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-277 Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404

Third Party Advisory

Exploit

Mailing List

Issue Tracking

https://github.com/facebook/zstd/issues/1630

Third Party Advisory

Exploit

Issue Tracking

https://www.facebook.com/security/advisories/cve-2021-24031

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-24031

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-24031

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-24031

EUVD