PT-2019-6407 · Facebook+5 · Zstandard+5

Harald Dunkel

·

Publicado

2019-06-04

·

Atualizado

2022-11-09

·

CVE-2021-24031

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Zstandard command-line utility versions prior to 1.4.1
Description The issue is related to the default file permissions used by the Zstandard command-line utility. Output files are created with default permissions, which could allow unintended parties to read or write to these files before the correct permissions are set at completion time. This could potentially lead to unauthorized access to confidential data.
Recommendations For versions prior to 1.4.1, update to version 1.4.1 or later to ensure that output files are created with the correct permissions, matching the input file's permissions.

Exploit

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-277CWE-276

Identificadores relacionados

ALT-PU-2019-2358
ALT-PU-2019-2551
BDU:2023-07824
CVE-2021-24031
DLA-2573-1
DSA-4850-1
MGASA-2021-0322
OPENSUSE-SU-2021:0481-1
OPENSUSE-SU-2021_0481-1
SUSE-SU-2021:0948-1
SUSE-SU-2021_0948-1
USN-4760-1
USN-5720-1

Produtos afetados

Alt Linux
Astra Linux
Linuxmint
Suse
Ubuntu
Zstandard