PT-2019-6407 · Facebook+5 · Zstandard+5

Harald Dunkel · Published 2019-06-04 · Updated 2022-11-09 · CVE-2021-24031

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zstandard command-line utility versions prior to 1.4.1

Description

The issue is related to the default file permissions used by the Zstandard command-line utility. Output files are created with default permissions, which could allow unintended parties to read or write to these files before the correct permissions are set at completion time. This could potentially lead to unauthorized access to confidential data.

Recommendations

For versions prior to 1.4.1, update to version 1.4.1 or later to ensure that output files are created with the correct permissions, matching the input file's permissions.
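
The permission window described above, as an added example (not code from Zstandard or from this advisory): `write_default` creates the output with default permissions, `write_matching` creates it with the input's permission bits from the start. The function names, the use of `fopen`, the temp path, the 0600 input and the umask of 022 are all assumptions constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Default-permission pattern: fopen() creates dst as 0666 & ~umask.
 * Returns the mode dst carries while data is being written, or -1. */
static int write_default(const char *dst) {
    struct stat st;
    FILE *f = fopen(dst, "wb");
    if (!f) return -1;
    fputs("constructed secret\n", f);
    int rc = fstat(fileno(f), &st);
    fclose(f);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Hardened: dst gets the input's permission bits at creation time.
 * O_EXCL refuses a file or symlink planted at dst beforehand. */
static int write_matching(const char *src, const char *dst) {
    struct stat in, st;
    if (stat(src, &in) != 0) return -1;
    mode_t m = in.st_mode & 0777;
    int fd = open(dst, O_WRONLY | O_CREAT | O_EXCL, m);
    if (fd < 0) return -1;
    int rc = fchmod(fd, m); /* exact match even if umask cleared bits */
    if (rc == 0 && write(fd, "constructed secret\n", 19) != 19) rc = -1;
    if (rc == 0) rc = fstat(fd, &st);
    close(fd);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed scenario: 0600 input, umask 022; returns the output's mode. */
int demo(int hardened) {
    char dir[] = "/tmp/zstd-perm-XXXXXX", src[64], dst[64];
    if (!mkdtemp(dir)) return -1;
    mode_t old = umask(022);
    snprintf(src, sizeof src, "%s/in", dir);
    snprintf(dst, sizeof dst, "%s/out", dir);
    int fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd);
    int mode = fd < 0 ? -1 : hardened ? write_matching(src, dst) : write_default(dst);
    unlink(src); unlink(dst); rmdir(dir); umask(old);
    return mode;
}

int main(void) {
    return printf("default %04o, matching %04o\n", demo(0), demo(1)) < 0;
}
```

With the constructed 0600 input, the first variant leaves the output at 0644 for the duration of the write, while the second never exposes it beyond 0600.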

Exploit

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

ALT-PU-2019-2358
ALT-PU-2019-2551
BDU:2023-07824
CVE-2021-24031
DLA-2573-1
DSA-4850-1
MGASA-2021-0322
OPENSUSE-SU-2021:0481-1
OPENSUSE-SU-2021_0481-1
SUSE-SU-2021:0948-1
SUSE-SU-2021_0948-1
USN-4760-1
USN-5720-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Suse
Ubuntu
Zstandard