exploitDog

CVE-2022-4899

Опубликовано: 31 мар. 2023

Источник: debian

Описание

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libzstd	fixed	1.5.4+dfsg2-1		package
libzstd	no-dsa		bullseye	package
libzstd	not-affected		buster	package

Примечания

https://github.com/facebook/zstd/issues/3200
https://github.com/facebook/zstd/commit/e1873ad576cb478fff0e6e44ad99599cd5fd2846 (v1.5.4)
https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa (v1.5.4)
Introduced by https://github.com/facebook/zstd/commit/9a8ccd4ba377060fbe180bcbc3e2bb714bda8726 (v1.4.7)

Связанные уязвимости

CVE-2022-4899

CVSS3: 7.5

ubuntu

больше 2 лет назад

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

CVE-2022-4899

CVSS3: 7.5

redhat

около 3 лет назад

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

CVE-2022-4899

CVSS3: 7.5

nvd

больше 2 лет назад

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

CVE-2022-4899

CVSS3: 7.5

msrc

больше 2 лет назад

Описание отсутствует

SUSE-SU-2023:2074-1

suse-cvrf

больше 2 лет назад

Security update for zstd