CVE-2021-24032

Published: Mar 4, 2021Modified: Nov 21, 2024

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.

Affected (1)

Products: Facebook: Zstandard

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Facebook Zstandard	From 1.4.1 to 1.4.9

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

References (6)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519

Source: cve-assign@fb.com

PatchThird Party Advisory

https://github.com/facebook/zstd/issues/2491

Source: cve-assign@fb.com

Issue TrackingPatchThird Party Advisory

https://www.facebook.com/security/advisories/cve-2021-24032

Source: cve-assign@fb.com

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/facebook/zstd/issues/2491

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://www.facebook.com/security/advisories/cve-2021-24032

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.