Description
A vulnerability was found in zstd v1.4.10 where an attacker can supply an empty string as an argument to the command-line tool, causing a buffer overrun.
Report
The vulnerability in the zstd command-line utility is rated as Moderate Severity because it involves an Incorrect Calculation of Buffer Size (CWE-400) within the mallocAndJoin2Dir function in programs/util.c. A remote attacker who supplies an empty string as input triggers a boundary error in that function, resulting in a heap-based out-of-bounds read. The read crashes the program, producing a Denial of Service that is limited to the affected zstd process or service instance rather than the stability of the whole host.
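The bug class the report describes, a path-join helper that computes `strlen(dir1) - 1` to inspect the last byte and therefore wraps to SIZE_MAX on an empty string, is illustrated below beside a hardened join. This is a constructed example written for this page, not zstd's own code or its fix: the function names `naive_last_index`, `safe_join2dir` and `join_equals`, the `'/'` separator, and the sample inputs `dict` and `file.zst` are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define PATH_SEP '/'   /* assumed separator; the real utility is platform-aware */

/* The arithmetic behind the miscalculation: a join helper that looks at
 * dir1[strlen(dir1) - 1] to drop a trailing separator. When dir1 is "",
 * strlen() is 0 and the unsigned subtraction wraps to SIZE_MAX, so the
 * subsequent read lands far outside the buffer. This function returns the
 * wrapped index without dereferencing it (constructed illustration). */
size_t naive_last_index(const char *dir1)
{
    size_t dir1Size = strlen(dir1);
    return dir1Size - 1;   /* wraps to SIZE_MAX for an empty string */
}

/* Hardened join: treats an empty component as "nothing to join" and only
 * inspects the last byte of dir1 after confirming it has one. Returns a
 * heap-allocated string the caller must free(), or NULL on allocation failure. */
char *safe_join2dir(const char *dir1, const char *dir2)
{
    size_t dir1Size = strlen(dir1);
    size_t dir2Size = strlen(dir2);
    size_t sepLen;
    char *out;

    if (dir1Size == 0) {              /* empty prefix: result is just dir2 */
        out = malloc(dir2Size + 1);
        if (out) memcpy(out, dir2, dir2Size + 1);
        return out;
    }
    if (dir2Size == 0) {              /* empty suffix: result is just dir1 */
        out = malloc(dir1Size + 1);
        if (out) memcpy(out, dir1, dir1Size + 1);
        return out;
    }
    /* Only now is dir1[dir1Size - 1] a valid index. */
    sepLen = (dir1[dir1Size - 1] != PATH_SEP) ? 1 : 0;
    out = malloc(dir1Size + sepLen + dir2Size + 1);   /* +1 for the terminator */
    if (!out) return NULL;
    memcpy(out, dir1, dir1Size);
    if (sepLen) out[dir1Size] = PATH_SEP;
    memcpy(out + dir1Size + sepLen, dir2, dir2Size + 1);
    return out;
}

/* Helper for checks: join, compare with the expected result, release. */
int join_equals(const char *dir1, const char *dir2, const char *expected)
{
    char *joined = safe_join2dir(dir1, dir2);
    int ok = joined != NULL && strcmp(joined, expected) == 0;
    free(joined);
    return ok;
}

int main(void)
{
    printf("naive index for \"\": %zu (wrapped)\n", naive_last_index(""));
    printf("%d %d %d\n",
           join_equals("dict", "file.zst", "dict/file.zst"),
           join_equals("dict/", "file.zst", "dict/file.zst"),
           join_equals("", "file.zst", "file.zst"));
    return 0;
}
```

The defensive point is the ordering of checks: the length test for each component comes before any index derived from that length, so the empty-string case never reaches the `dir1[dir1Size - 1]` read.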
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mysql | Not affected | | |
| Red Hat Enterprise Linux 8 | zstd | Will not fix | | |
| Red Hat Enterprise Linux 9 | zstd | Not affected | | |
| Red Hat AMQ Streams 2.7.0 | | Fixed | RHSA-2024:3527 | 30.05.2024 |
| Red Hat Enterprise Linux 8 | mysql | Fixed | RHSA-2024:0894 | 20.02.2024 |
| Red Hat Enterprise Linux 9 | mysql | Fixed | RHSA-2024:1141 | 05.03.2024 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-mysql80-mysql | Fixed | RHSA-2024:2619 | 30.04.2024 |
Additional information
Status:
CVSS3: 7.5 High
Related vulnerabilities
A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command-line tool to cause a buffer overrun.
CVSS3: 7.5 High