PT-2019-3239 · Facebook+3 · Zstandard+3

Published 2018-12-29 · Updated 2024-06-15 · CVE-2019-11922

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zstandard versions prior to 1.3.8

Description

A race condition in the one-pass compression functions could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. The vulnerability is related to errors in synchronization when using a shared resource, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For versions prior to 1.3.8, update to version 1.3.8 or later to resolve the issue. As a temporary workaround, consider using output buffers of the recommended size or larger to minimize the risk of exploitation.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2984
BDU:2019-03229
CVE-2019-11922
MGASA-2019-0257
OPENSUSE-SU-2019:1845-1
OPENSUSE-SU-2019:1952-1
OPENSUSE-SU-2019:2008-1
OPENSUSE-SU-2019_1845-1
OPENSUSE-SU-2019_1952-1
OPENSUSE-SU-2024:11544-1
USN-4108-1
USN-5593-1

Affected Products

Alt Linux
Suse
Ubuntu
Zstandard