« List of all CVEs

CVE-2021-24031

Published: 3/4/2021 Last updated: 8/3/2024 Reserved: 1/13/2021

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.

CNA assigner: facebook (4fc57720-52fe-4431-a0fb-3d2c8747b827) Requested by: n/a

Opam packages affected (6)

conf-llvm conf-llvm-shared conf-llvm-static conf-mingw-w64-zstd-i686 conf-mingw-w64-zstd-x86_64 conf-zstd

Products affected (1)

Product Vendor Version
Zstandard Facebook 1.3(2j)

References (6)