« List of all CVEs

CVE-2021-24032

Published: 3/4/2021 Last updated: 8/3/2024 Reserved: 1/13/2021

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.

CNA assigner: facebook (4fc57720-52fe-4431-a0fb-3d2c8747b827) Requested by: n/a

Opam packages affected (6)

conf-llvm conf-llvm-shared conf-llvm-static conf-mingw-w64-zstd-i686 conf-mingw-w64-zstd-x86_64 conf-zstd

Products affected (1)

Product Vendor Version
Zstandard Facebook < 3.13.0rc2

References (6)