Описание
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.
Отчет
This vulnerability is rated as Moderate because a buffer overrun in Zstd can be triggered by supplying an empty string as an argument to the command-line tool. On exploitation, it could lead to application crashes or unpredictable behavior.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mysql | Not affected | ||
| Red Hat Enterprise Linux 8 | zstd | Will not fix | ||
| Red Hat Enterprise Linux 9 | zstd | Not affected | ||
| Red Hat AMQ Streams 2.7.0 | Fixed | RHSA-2024:3527 | 30.05.2024 | |
| Red Hat Enterprise Linux 8 | mysql | Fixed | RHSA-2024:0894 | 20.02.2024 |
| Red Hat Enterprise Linux 9 | mysql | Fixed | RHSA-2024:1141 | 05.03.2024 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-mysql80-mysql | Fixed | RHSA-2024:2619 | 30.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
A vulnerability was found in zstd v1.4.10, where an attacker can suppl ...
EPSS
7.5 High
CVSS3