CVE-2021-24032

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-24032

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24032.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-24032

Downstream

ALPINE-CVE-2021-24032

DEBIAN-CVE-2021-24032

DSA-4859-1

OESA-2021-1094

SUSE-SU-2021:0948-1

UBUNTU-CVE-2021-24032

USN-4760-1

USN-5720-1

openSUSE-SU-2021:0481-1

Related

Published

2021-03-04T21:15:12Z

Modified

2025-10-21T06:03:29.687334Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.

References

Affected packages

Git / github.com/facebook/zstd

Affected ranges

Type: GIT
Repo: https://github.com/facebook/zstd
Events: Introduced

52181f877a96ca3feb688820ba852a0c044cc620

Fixed

e4558ffd1dc49399faf4ee5d85abed4386b4dcf5

Affected versions

v1.*

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.7

v1.4.8