4.7

CVE-2021-24032

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FacebookZstandard Version >= 1.4.1 < 1.4.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.262
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CWE-277 Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
Patch
Third Party Advisory
https://github.com/facebook/zstd/issues/2491
Patch
Third Party Advisory
Issue Tracking
https://www.facebook.com/security/advisories/cve-2021-24032
Third Party Advisory