Vulnerability Description
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zstandard | >= 1.4.1, < 1.4.9 |
Related Weaknesses (CWE)
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519PatchThird Party Advisory
- https://github.com/facebook/zstd/issues/2491Issue TrackingPatchThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2021-24032Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519PatchThird Party Advisory
- https://github.com/facebook/zstd/issues/2491Issue TrackingPatchThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2021-24032Third Party Advisory
FAQ
What is CVE-2021-24032?
CVE-2021-24032 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions ...
How severe is CVE-2021-24032?
CVE-2021-24032 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24032?
Check the references section above for vendor advisories and patch information. Affected products include: Facebook Zstandard.