CVE-2021-24032
4.7MEDIUMBeginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions
게시됨: 3/4/2021업데이트됨: 11/21/2024
설명
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
AI 분석AI 기반
영향받는 제품
facebookzstandard
참조
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519PatchThird Party Advisory
- https://github.com/facebook/zstd/issues/2491Issue TrackingPatchThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2021-24032Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519PatchThird Party Advisory
- https://github.com/facebook/zstd/issues/2491Issue TrackingPatchThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2021-24032Third Party Advisory