Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 4 of 4 results

CVE-2022-4899

Low priority
Vulnerable

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

1 affected packages

libzstd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libzstd Not affected Vulnerable Not affected Not affected Not affected
Show less packages

CVE-2021-24032

Medium priority
Fixed

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output...

1 affected packages

libzstd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libzstd Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-24031

Medium priority
Fixed

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be...

1 affected packages

libzstd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libzstd Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2019-11922

Medium priority
Fixed

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

1 affected packages

libzstd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libzstd Not affected Not affected Fixed Fixed
Show less packages