CVE-2021-24031

Published: Mar 4, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.

Affected (1)

Products: Facebook: Zstandard

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Facebook Zstandard	Before 1.4.1

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

References (6)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404

Source: cve-assign@fb.com

ExploitIssue TrackingMailing ListThird Party Advisory

https://github.com/facebook/zstd/issues/1630

Source: cve-assign@fb.com

ExploitIssue TrackingThird Party Advisory

https://www.facebook.com/security/advisories/cve-2021-24031

Source: cve-assign@fb.com

Vendor Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingMailing ListThird Party Advisory

https://github.com/facebook/zstd/issues/1630

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://www.facebook.com/security/advisories/cve-2021-24031

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.