How severe is CVE-2021-24032?

CVE-2021-24032 has a CVSS v3 score of 4.7 (MEDIUM).

CVE-2021-24032

Name: zstandard
Author: facebook

4.7MEDIUM

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions

公開日: 3/4/2021更新日: 11/21/2024

説明

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.

AI分析AIによる分析

影響を受ける製品

facebookzstandard

参照

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
PatchThird Party Advisory
https://github.com/facebook/zstd/issues/2491
Issue TrackingPatchThird Party Advisory
https://www.facebook.com/security/advisories/cve-2021-24032
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
PatchThird Party Advisory
https://github.com/facebook/zstd/issues/2491
Issue TrackingPatchThird Party Advisory
https://www.facebook.com/security/advisories/cve-2021-24032
Third Party Advisory