CVE-2021-24031

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-24031

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24031.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-24031

Related

Published

2021-03-04T21:15:12Z

Modified

2024-12-05T15:27:10.046636Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.

References

Affected packages

Alpine:v3.14 / zstd

Package

Name: zstd
Purl: pkg:apk/alpine/zstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-r0

Affected versions

1.*

1.1.1-r0

1.1.3-r0

1.1.4-r0

1.2.0-r0

1.3.0-r0

1.3.1-r0

1.3.2-r0

1.3.3-r0

1.3.3-r1

1.3.4-r0

1.3.5-r0

1.3.7-r0

1.3.7-r1

1.3.8-r0

1.4.0-r0

Alpine:v3.15 / zstd

Package

Name: zstd
Purl: pkg:apk/alpine/zstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-r0

Affected versions

1.*

1.1.1-r0

1.1.3-r0

1.1.4-r0

1.2.0-r0

1.3.0-r0

1.3.1-r0

1.3.2-r0

1.3.3-r0

1.3.3-r1

1.3.4-r0

1.3.5-r0

1.3.7-r0

1.3.7-r1

1.3.8-r0

1.4.0-r0

Alpine:v3.16 / zstd

Package

Name: zstd
Purl: pkg:apk/alpine/zstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-r0

Affected versions

1.*

1.1.1-r0

1.1.3-r0

1.1.4-r0

1.2.0-r0

1.3.0-r0

1.3.1-r0

1.3.2-r0

1.3.3-r0

1.3.3-r1

1.3.4-r0

1.3.5-r0

1.3.7-r0

1.3.7-r1

1.3.8-r0

1.4.0-r0

Alpine:v3.17 / zstd

Package

Name: zstd
Purl: pkg:apk/alpine/zstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-r0

Affected versions

1.*

1.1.1-r0

1.1.3-r0

1.1.4-r0

1.2.0-r0

1.3.0-r0

1.3.1-r0

1.3.2-r0

1.3.3-r0

1.3.3-r1

1.3.4-r0

1.3.5-r0

1.3.7-r0

1.3.7-r1

1.3.8-r0

1.4.0-r0

Alpine:v3.18 / zstd

Package

Name: zstd
Purl: pkg:apk/alpine/zstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-r0

Affected versions

1.*

1.1.1-r0

1.1.3-r0

1.1.4-r0

1.2.0-r0

1.3.0-r0

1.3.1-r0

1.3.2-r0

1.3.3-r0

1.3.3-r1

1.3.4-r0

1.3.5-r0

1.3.7-r0

1.3.7-r1

1.3.8-r0

1.4.0-r0

Alpine:v3.19 / zstd

Package

Name: zstd
Purl: pkg:apk/alpine/zstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-r0

Affected versions

1.*

1.1.1-r0

1.1.3-r0

1.1.4-r0

1.2.0-r0

1.3.0-r0

1.3.1-r0

1.3.2-r0

1.3.3-r0

1.3.3-r1

1.3.4-r0

1.3.5-r0

1.3.7-r0

1.3.7-r1

1.3.8-r0

1.4.0-r0

Alpine:v3.20 / zstd

Package

Name: zstd
Purl: pkg:apk/alpine/zstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-r0

Affected versions

1.*

1.1.1-r0

1.1.3-r0

1.1.4-r0

1.2.0-r0

1.3.0-r0

1.3.1-r0

1.3.2-r0

1.3.3-r0

1.3.3-r1

1.3.4-r0

1.3.5-r0

1.3.7-r0

1.3.7-r1

1.3.8-r0

1.4.0-r0

Alpine:v3.21 / zstd

Package

Name: zstd
Purl: pkg:apk/alpine/zstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.1-r0

Affected versions

1.*

1.1.1-r0

1.1.3-r0

1.1.4-r0

1.2.0-r0

1.3.0-r0

1.3.1-r0

1.3.2-r0

1.3.3-r0

1.3.3-r1

1.3.4-r0

1.3.5-r0

1.3.7-r0

1.3.7-r1

1.3.8-r0

1.4.0-r0

Debian:11 / libzstd

Package

Name: libzstd
Purl: pkg:deb/debian/libzstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.8+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libzstd

Package

Name: libzstd
Purl: pkg:deb/debian/libzstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.8+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libzstd

Package

Name: libzstd
Purl: pkg:deb/debian/libzstd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.8+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/facebook/zstd

Affected ranges

Type: GIT
Repo: https://github.com/facebook/zstd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

52181f877a96ca3feb688820ba852a0c044cc620

Affected versions

Other

fuzz-corpora

fuzz-corpora2

vxyz

v0.*

v0.0.29

v0.1.0

v0.1.1

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.5.0

v0.5.1

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8.0

v0.8.1

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.3.7

v1.3.8

v1.4.0

zstd-0.*

zstd-0.1.2

zstd-0.1.3

zstd-0.2.0

zstd-0.2.1

zstd-0.2.2

zstd-0.3.0

zstd-0.3.1

zstd-0.3.2

zstd-0.3.3

zstd-0.3.4

zstd-0.3.5

zstd-0.3.6

zstd-0.4.0

zstd-0.4.1

zstd-0.4.2