Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Zstandard Security Vulnerabilities

cve
cve

CVE-2019-11922

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

8.1CVSS

7.8AI Score

0.031EPSS

2019-07-25 09:15 PM
378
cve
cve

CVE-2021-24031

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.

5.5CVSS

5.1AI Score

0.001EPSS

2021-03-04 09:15 PM
170
7
cve
cve

CVE-2021-24032

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to uninten...

4.7CVSS

5.1AI Score

0.001EPSS

2021-03-04 09:15 PM
175
7
cve
cve

CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

7.5CVSS

7.4AI Score

0.002EPSS

2023-03-31 08:15 PM
74