234 matches found
Amazon Linux 2023 : libzstd, libzstd-devel, libzstd-static (ALAS2023-2023-244)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-244 advisory. In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. CVE-2022-4899 Tenable has extracted the preceding description block...
Medium: zstd
Issue Overview: In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. CVE-2022-4899 Affected Packages: zstd Issue Correction: Run dnf update zstd --releasever 2023.1.20230719 or dnf update --advisory ALAS2023-2023-244...
Medium: zstd
Issue Overview: In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. CVE-2022-4899 Affected Packages: zstd Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
SUSE-SU-2023:2074-1 Security update for zstd
This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c bsc1209533...
PT-2023-35779 · Zstd · Zstd
Name of the Vulnerable Software and Affected Versions: ZSTD affected versions not specified Description: The issue is related to a heap-buffer-overflow read, which occurs in the ZSTD decompressSequencesLong bmi2 function, specifically when calling ZSTD decompressSequencesLong and ZSTD...
OESA-2023-1214 zstd security update
Zstd is a fast lossless compression algorithm. It's backed by a very fast entropy stage,provided by Huff0 and FSE library. It's a real-time compression scenario for zlib levels and has a better compression ratio. Security Fixes: A vulnerability was found in zstd v1.4.10, where an attacker can...
Mageia: Security Advisory (MGASA-2023-0128)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2023-0128 Updated zstd packages fix security vulnerability
Buffer overrun in util.c CVE-2022-4899...
Updated zstd packages fix security vulnerability
Buffer overrun in util.c CVE-2022-4899...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Remediation Upgrade zstd to version 1.5.4 or higher. References - GitHub Issue - GitHub PR Credit: yiyuaner...
A vulnerability was found in zstd v1.4.10 where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
...
GHSA-5C9C-6X87-F9VM zstd vulnerable to buffer overrun
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer overrun...
ax-env (>=0.2.2 <=0.3.1), fb-sapp (>=0.5.3 <=0.5.4) +4 more potentially affected by CVE-2022-4899 via zstd (>=1.4.4.0 <=1.5.2.6)
zstd PYPI version =1.4.4.0, =0.2.2, =0.5.3, =0.0.1a0, =1.0.0, =1.3.0 Source cves: CVE-2022-4899 Source advisory: OSV:GHSA-5C9C-6X87-F9VM...
zstd vulnerable to buffer overrun
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause buffer overrun...
AZL-25813 CVE-2022-4899 affecting package zstd for versions less than 1.5.4-1
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...
DEBIAN-CVE-2022-4899
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...
CVE-2022-4899
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...
CVE-2022-4899
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...
UBUNTU-CVE-2022-4899
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...
CVE-2022-4899
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...