234 matches found

Tenable Nessus
added 2023/07/20 12:0 a.m. · 32 views

Amazon Linux 2023 : libzstd, libzstd-devel, libzstd-static (ALAS2023-2023-244)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-244 advisory. In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. CVE-2022-4899 Tenable has extracted the preceding description block...

7.5 CVSS · 7.6 AI score · 0.01588 EPSS
Exploits: 0 · References: 4

Amazon
added 2023/07/19 12:0 a.m. · 5 views

Medium: zstd

Issue Overview: In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. CVE-2022-4899 Affected Packages: zstd Issue Correction: Run dnf update zstd --releasever 2023.1.20230719 or dnf update --advisory ALAS2023-2023-244...

7.5 CVSS · 7.2 AI score · 0.01588 EPSS
Exploits: 0

Amazon
added 2023/07/19 12:0 a.m. · 50 views

Medium: zstd

Issue Overview: In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. CVE-2022-4899 Affected Packages: zstd Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

7.5 CVSS · 7.3 AI score · 0.01588 EPSS
Exploits: 0

OSV
added 2023/04/28 3:2 p.m. · 7 views

SUSE-SU-2023:2074-1 Security update for zstd

This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c bsc1209533...

7.5 CVSS · 7.6 AI score · 0.01588 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/04/16 12:0 a.m. · 5 views

PT-2023-35779 · Zstd · Zstd

Name of the Vulnerable Software and Affected Versions: ZSTD (affected versions not specified) Description: The issue is related to a heap-buffer-overflow read, which occurs in the ZSTD_decompressSequencesLong_bmi2 function, specifically when calling ZSTD_decompressSequencesLong and ZSTD...

6.8 AI score
Exploits: 0 · References: 2

OSV
added 2023/04/14 11:5 a.m. · 3 views

OESA-2023-1214 zstd security update

Zstd is a fast lossless compression algorithm. It's backed by a very fast entropy stage, provided by Huff0 and FSE library. It's a real-time compression scenario for zlib levels and has a better compression ratio. Security Fixes: A vulnerability was found in zstd v1.4.10, where an attacker can...

7.5 CVSS · 9 AI score · 0.01588 EPSS
Exploits: 0 · References: 2

OpenVAS
added 2023/04/07 12:0 a.m. · 17 views

Mageia: Security Advisory (MGASA-2023-0128)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.8 AI score · 0.01588 EPSS
Exploits: 0 · References: 5

OSV
added 2023/04/06 9:20 p.m. · 8 views

MGASA-2023-0128 Updated zstd packages fix security vulnerability

Buffer overrun in util.c CVE-2022-4899...

7.5 CVSS · 7.4 AI score · 0.01588 EPSS
Exploits: 0 · References: 4

Mageia
added 2023/04/06 9:20 p.m. · 38 views

Updated zstd packages fix security vulnerability

Buffer overrun in util.c CVE-2022-4899...

7.5 CVSS · 7.5 AI score · 0.01588 EPSS
Exploits: 0 · References: 3

Snyk
added 2023/04/02 1:7 p.m. · 3 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Remediation Upgrade zstd to version 1.5.4 or higher. References - GitHub Issue - GitHub PR Credit: yiyuaner...

7.5 CVSS · 7.3 AI score · 0.01588 EPSS
Exploits: 0 · References: 2

Microsoft CVE
added 2023/04/01 7:0 a.m. · 4 views

A vulnerability was found in zstd v1.4.10 where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

...

7.5 CVSS · 6.9 AI score · 0.01588 EPSS
Exploits: 0

OSV
added 2023/03/31 9:30 p.m. · 23 views

GHSA-5C9C-6X87-F9VM zstd vulnerable to buffer overrun

A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer overrun...

7.5 CVSS · 7.6 AI score · 0.01588 EPSS
Exploits: 0 · References: 10

vulnersOsv
added 2023/03/31 9:30 p.m. · 3 views

ax-env (>=0.2.2 <=0.3.1), fb-sapp (>=0.5.3 <=0.5.4) +4 more potentially affected by CVE-2022-4899 via zstd (>=1.4.4.0 <=1.5.2.6)

zstd PYPI version =1.4.4.0, =0.2.2, =0.5.3, =0.0.1a0, =1.0.0, =1.3.0 Source cves: CVE-2022-4899 Source advisory: OSV:GHSA-5C9C-6X87-F9VM...

7.5 CVSS · 6.7 AI score · 0.01588 EPSS
Exploits: 0

Github Security Blog
added 2023/03/31 9:30 p.m. · 31 views

zstd vulnerable to buffer overrun

A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer overrun...

7.5 CVSS · 7 AI score · 0.01588 EPSS
Exploits: 0 · References: 10 · Affected Software: 2

OSV
added 2023/03/31 8:15 p.m. · 4 views

AZL-25813 CVE-2022-4899 affecting package zstd for versions less than 1.5.4-1

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

7.5 CVSS · 6.8 AI score · 0.01588 EPSS
Exploits: 0 · References: 1

OSV
added 2023/03/31 8:15 p.m. · 1 views

DEBIAN-CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

7.5 CVSS · 7.1 AI score · 0.01588 EPSS
Exploits: 0 · References: 1

NVD
added 2023/03/31 8:15 p.m. · 12 views

CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

7.5 CVSS · 7.5 AI score · 0.01588 EPSS
Exploits: 0 · References: 5

OSV
added 2023/03/31 8:15 p.m. · 23 views

CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

7.5 CVSS · 7.8 AI score
Exploits: 0 · References: 5

OSV
added 2023/03/31 8:15 p.m. · 1 views

UBUNTU-CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

7.5 CVSS · 6.8 AI score · 0.01588 EPSS
Exploits: 0 · References: 3

UbuntuCve
added 2023/03/31 8:15 p.m. · 77 views

CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

7.5 CVSS · 6.8 AI score · 0.01588 EPSS
Exploits: 0 · References: 2