rpm package
opensuse/zstd&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/zstd&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4899 | — | < 1.5.5-5.1 | 1.5.5-5.1 | Mar 31, 2023 | A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. | ||
| CVE-2019-11922 | — | < 1.5.0-1.13 | 1.5.0-1.13 | Jul 25, 2019 | A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. |
- CVE-2022-4899Mar 31, 2023affected < 1.5.5-5.1fixed 1.5.5-5.1
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
- CVE-2019-11922Jul 25, 2019affected < 1.5.0-1.13fixed 1.5.0-1.13
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.