A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libzstd1", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2" }, { "binary_name": "libzstd1-dbgsym", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2" }, { "binary_name": "libzstd1-dev", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2" }, { "binary_name": "zstd", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2" }, { "binary_name": "zstd-dbgsym", "binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libzstd-dev", "binary_version": "1.3.3+dfsg-2ubuntu1.1" }, { "binary_name": "libzstd1", "binary_version": "1.3.3+dfsg-2ubuntu1.1" }, { "binary_name": "libzstd1-dbgsym", "binary_version": "1.3.3+dfsg-2ubuntu1.1" }, { "binary_name": "libzstd1-dev", "binary_version": "1.3.3+dfsg-2ubuntu1.1" }, { "binary_name": "libzstd1-udeb", "binary_version": "1.3.3+dfsg-2ubuntu1.1" }, { "binary_name": "zstd", "binary_version": "1.3.3+dfsg-2ubuntu1.1" }, { "binary_name": "zstd-dbgsym", "binary_version": "1.3.3+dfsg-2ubuntu1.1" } ] }