In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
References
Link | Resource |
---|---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404 | Exploit Issue Tracking Mailing List Third Party Advisory |
https://github.com/facebook/zstd/issues/1630 | Exploit Issue Tracking Third Party Advisory |
https://www.facebook.com/security/advisories/cve-2021-24031 | Vendor Advisory |
Configurations
History
14 Apr 2021, 15:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
References | (MISC) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404 - Exploit, Issue Tracking, Mailing List, Third Party Advisory |
09 Mar 2021, 15:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/facebook/zstd/issues/1630 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MISC) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://www.facebook.com/security/advisories/cve-2021-24031 - Vendor Advisory | |
CPE | cpe:2.3:a:facebook:zstandard:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 9.1 |
CWE | CWE-276 |
04 Mar 2021, 21:31
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-04 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-24031
Mitre link : CVE-2021-24031
CVE.ORG link : CVE-2021-24031
JSON object : View
Products Affected
- zstandard