High severity · NVD Advisory · Published Mar 31, 2023 · Updated Feb 18, 2025
CVE-2022-4899
Description
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause a buffer overrun.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/facebook/zstd (SwiftURL) | < 1.5.4 | 1.5.4 |
| zstd (PyPI) | < 1.5.4.0 | 1.5.4.0 |
Affected products
- zstd/zstd (source: description)
- ghsa-coords (22 versions, no CPE listed for any entry):

| Package URL | Affected range |
|---|---|
| `pkg:pypi/zstd` | < 1.5.4.0 |
| `pkg:rpm/almalinux/mecab` | < 0.996-2.module_el8.6.0+3340+d764b636 |
| `pkg:rpm/almalinux/mecab-devel` | < 0.996-2.module_el8.6.0+3340+d764b636 |
| `pkg:rpm/almalinux/mecab-ipadic` | < 2.7.0.20070801-16.module_el8.6.0+3340+d764b636 |
| `pkg:rpm/almalinux/mecab-ipadic-EUCJP` | < 2.7.0.20070801-16.module_el8.6.0+3340+d764b636 |
| `pkg:rpm/almalinux/mysql` | < 8.0.36-1.module_el8.9.0+3735+82bd6c11 |
| `pkg:rpm/almalinux/mysql-common` | < 8.0.36-1.module_el8.9.0+3735+82bd6c11 |
| `pkg:rpm/almalinux/mysql-devel` | < 8.0.36-1.module_el8.9.0+3735+82bd6c11 |
| `pkg:rpm/almalinux/mysql-errmsg` | < 8.0.36-1.module_el8.9.0+3735+82bd6c11 |
| `pkg:rpm/almalinux/mysql-libs` | < 8.0.36-1.module_el8.9.0+3735+82bd6c11 |
| `pkg:rpm/almalinux/mysql-server` | < 8.0.36-1.module_el8.9.0+3735+82bd6c11 |
| `pkg:rpm/almalinux/mysql-test` | < 8.0.36-1.module_el8.9.0+3735+82bd6c11 |
| `pkg:rpm/opensuse/zstd&distro=openSUSE%20Leap%2015.4` | < 1.5.0-150400.3.3.1 |
| `pkg:rpm/opensuse/zstd&distro=openSUSE%20Leap%20Micro%205.3` | < 1.5.0-150400.3.3.1 |
| `pkg:rpm/opensuse/zstd&distro=openSUSE%20Tumbleweed` | < 1.5.5-5.1 |
| `pkg:rpm/suse/zstd&distro=SUSE%20Linux%20Enterprise%20Micro%205.1` | < 1.4.4-150000.1.9.1 |
| `pkg:rpm/suse/zstd&distro=SUSE%20Linux%20Enterprise%20Micro%205.2` | < 1.4.4-150000.1.9.1 |
| `pkg:rpm/suse/zstd&distro=SUSE%20Linux%20Enterprise%20Micro%205.3` | < 1.5.0-150400.3.3.1 |
| `pkg:rpm/suse/zstd&distro=SUSE%20Linux%20Enterprise%20Micro%205.4` | < 1.5.0-150400.3.3.1 |
| `pkg:rpm/suse/zstd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4` | < 1.5.0-150400.3.3.1 |
| `pkg:rpm/suse/zstd&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3` | < 1.4.4-150000.1.9.1 |
| `pkg:swift/github.com/facebook/zstd` | < 1.5.4 |
References
- github.com/advisories/GHSA-5c9c-6x87-f9vm (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/ (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-4899 (ghsa, ADVISORY)
- github.com/facebook/zstd/issues/3200 (ghsa, WEB)
- github.com/facebook/zstd/pull/3220 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml (ghsa, WEB)
- github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN (ghsa, WEB)
- security.netapp.com/advisory/ntap-20230725-0005 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20230725-0005/ (mitre)