PT-2021-15655 · Facebook+5 · Zstandard+5

Delafond · Published 2021-02-20 · Updated 2026-04-15 · CVE-2021-24032

CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Zstandard command-line utility versions 1.4.1 through 1.4.9
Description: The issue arises from an incomplete fix, resulting in output files being created with default permissions before being restricted. This momentary lapse allows unintended parties to potentially read or write to these files.
Recommendations: For versions 1.4.1 through 1.4.9, consider updating to a version that fully addresses the issue, ensuring output files are created with appropriate permissions from the outset, thus preventing unintended access.
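
The create-then-restrict pattern from the description, next to creation with the final mode, as an added illustration (not Zstandard's code or its patch). The function names, the 0600 target mode, the 022 umask and the temporary paths are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open file, or -1 on error. */
static int mode_of(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Racy pattern: create with default permissions (0666 & ~umask), then
 * restrict. Returns the mode the file had between the two steps. A
 * descriptor another user opens in that window stays valid after fchmod. */
int create_then_restrict(const char *path, mode_t final_mode) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    int window_mode = mode_of(fd);          /* exposure window is open here */
    if (fchmod(fd, final_mode) != 0) window_mode = -1;
    close(fd);
    return window_mode;
}

/* Hardened pattern: the restrictive mode is given to open() itself and
 * O_EXCL refuses a pre-existing file, so no wider mode ever exists. */
int create_restricted(const char *path, mode_t final_mode) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, final_mode);
    if (fd < 0) return -1;
    int mode = mode_of(fd);
    close(fd);
    return mode;
}

int main(void) {
    char dir[] = "/tmp/perm_demo_XXXXXX", p[64];  /* constructed demo paths */
    umask(022);                                   /* assumed common default */
    if (!mkdtemp(dir)) return 1;
    snprintf(p, sizeof p, "%s/racy.zst", dir);
    printf("mode during window:   %04o\n", create_then_restrict(p, 0600));
    unlink(p);
    snprintf(p, sizeof p, "%s/safe.zst", dir);
    printf("mode at creation:     %04o\n", create_restricted(p, 0600));
    unlink(p);
    rmdir(dir);
    return 0;
}
```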

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

ALT-PU-2021-2105
ALT-PU-2021-2227
ALT-PU-2021-2331
AZL-38944
AZL-39352
CVE-2021-24032
DSA-4859-1
JLSEC-2026-121
MGASA-2021-0323
OESA-2021-1094
OPENSUSE-SU-2021:0481-1
OPENSUSE-SU-2021_0481-1
SUSE-SU-2021:0948-1
USN-4760-1
USN-5720-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Suse
Ubuntu
Zstandard