How severe is CVE-2021-24032?

CVE-2021-24032 has a CVSS v3 score of 4.7 (MEDIUM).

CVE-2021-24032

Name: zstandard
Author: facebook

4.7MEDIUM

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions

发布于: 3/4/2021更新于: 11/21/2024

描述

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.

AI分析AI驱动

受影响产品

facebookzstandard

参考资料

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
PatchThird Party Advisory
https://github.com/facebook/zstd/issues/2491
Issue TrackingPatchThird Party Advisory
https://www.facebook.com/security/advisories/cve-2021-24032
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519
PatchThird Party Advisory
https://github.com/facebook/zstd/issues/2491
Issue TrackingPatchThird Party Advisory
https://www.facebook.com/security/advisories/cve-2021-24032
Third Party Advisory