UBUNTU-CVE-2021-24031
- Source
- https://ubuntu.com/security/CVE-2021-24031
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-24031.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-24031
- Related
- Published
- 2021-02-10T00:00:00Z
- Modified
- 2024-11-20T12:21:28Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / libzstd
Package
- Name
- libzstd
- Purl
- pkg:deb/ubuntu/libzstd?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.1+dfsg-1~ubuntu0.16.04.1+esm3
Affected versions
0.*
0.4.5-1
0.5.1-1
1.*
1.3.1+dfsg-1~ubuntu0.16.04.1
1.3.1+dfsg-1~ubuntu0.16.04.1+esm1
1.3.1+dfsg-1~ubuntu0.16.04.1+esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3",
"binary_name": "libzstd1"
},
{
"binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3",
"binary_name": "libzstd1-dbgsym"
},
{
"binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3",
"binary_name": "libzstd1-dev"
},
{
"binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3",
"binary_name": "zstd"
},
{
"binary_version": "1.3.1+dfsg-1~ubuntu0.16.04.1+esm3",
"binary_name": "zstd-dbgsym"
}
]
}
Ubuntu:Pro:16.04:LTS / libzstd
Package
- Name
- libzstd
- Purl
- pkg:deb/ubuntu/libzstd?arch=src?distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS / libzstd
Package
- Name
- libzstd
- Purl
- pkg:deb/ubuntu/libzstd?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.3+dfsg-2ubuntu1.2
Affected versions
1.*
1.3.1+dfsg-1
1.3.2+dfsg-1
1.3.2+dfsg2-1
1.3.3+dfsg-1
1.3.3+dfsg-1ubuntu1
1.3.3+dfsg-2ubuntu1
1.3.3+dfsg-2ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.3.3+dfsg-2ubuntu1.2",
"binary_name": "libzstd-dev"
},
{
"binary_version": "1.3.3+dfsg-2ubuntu1.2",
"binary_name": "libzstd1"
},
{
"binary_version": "1.3.3+dfsg-2ubuntu1.2",
"binary_name": "libzstd1-dbgsym"
},
{
"binary_version": "1.3.3+dfsg-2ubuntu1.2",
"binary_name": "libzstd1-dev"
},
{
"binary_version": "1.3.3+dfsg-2ubuntu1.2",
"binary_name": "libzstd1-udeb"
},
{
"binary_version": "1.3.3+dfsg-2ubuntu1.2",
"binary_name": "zstd"
},
{
"binary_version": "1.3.3+dfsg-2ubuntu1.2",
"binary_name": "zstd-dbgsym"
}
]
}
Ubuntu:20.04:LTS / libzstd
Package
- Name
- libzstd
- Purl
- pkg:deb/ubuntu/libzstd?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.4+dfsg-3ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.4.4+dfsg-3ubuntu0.1",
"binary_name": "libzstd-dev"
},
{
"binary_version": "1.4.4+dfsg-3ubuntu0.1",
"binary_name": "libzstd1"
},
{
"binary_version": "1.4.4+dfsg-3ubuntu0.1",
"binary_name": "libzstd1-dbgsym"
},
{
"binary_version": "1.4.4+dfsg-3ubuntu0.1",
"binary_name": "libzstd1-udeb"
},
{
"binary_version": "1.4.4+dfsg-3ubuntu0.1",
"binary_name": "zstd"
},
{
"binary_version": "1.4.4+dfsg-3ubuntu0.1",
"binary_name": "zstd-dbgsym"
}
]
}