CVE-2021-24032
4.7MEDIUMBeginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions
Publicado: 3/4/2021Atualizado: 11/21/2024
Descrição
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
Análise IADesenvolvido por IA
Produtos Afetados
facebookzstandard
Referências
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519PatchThird Party Advisory
- https://github.com/facebook/zstd/issues/2491Issue TrackingPatchThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2021-24032Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519PatchThird Party Advisory
- https://github.com/facebook/zstd/issues/2491Issue TrackingPatchThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2021-24032Third Party Advisory