PT-2019-3239 · Facebook+3 · Zstandard+3

Publicado

2018-12-29

Atualizado

2024-06-15

CVE-2019-11922

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zstandard versions prior to 1.3.8

Description A race condition in the one-pass compression functions could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. The vulnerability is related to errors in synchronization when using a shared resource, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For versions prior to 1.3.8, update to version 1.3.8 or later to resolve the issue. As a temporary workaround, consider using output buffers of the recommended size or larger to minimize the risk of exploitation.

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2018-2984

BDU:2019-03229

CVE-2019-11922

MGASA-2019-0257

OPENSUSE-SU-2019:1845-1

OPENSUSE-SU-2019:1952-1

OPENSUSE-SU-2019:2008-1

OPENSUSE-SU-2019_1845-1

OPENSUSE-SU-2019_1952-1

OPENSUSE-SU-2024:11544-1

USN-4108-1

USN-5593-1

Produtos afetados

Alt Linux

Suse

Ubuntu

Zstandard

PT-2019-3239 · Facebook+3 · Zstandard+3

CVE-2019-11922

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 36