Unrated severityNVD Advisory· Published Mar 4, 2021· Updated Aug 3, 2024
CVE-2021-24032
CVE-2021-24032
Description
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:rpm/opensuse/zstd&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/zstd&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/zstd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
< 1.4.4-lp152.2.3.1+ 2 more
- (no CPE)range: < 1.4.4-lp152.2.3.1
- (no CPE)range: < 1.4.4-1.6.1
- (no CPE)range: < 1.4.4-1.6.1
- Facebook/Zstandardv5Range: 1.4.1
Patches
Vulnerability mechanics
References
3- bugs.debian.org/cgi-bin/bugreport.cgimitrex_refsource_MISC
- github.com/facebook/zstd/issues/2491mitrex_refsource_MISC
- www.facebook.com/security/advisories/cve-2021-24032mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.