Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-4899

In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. (CVE-2022-4899)

Source

ALAS2-2023-2140

Amazon Linux 2 Security Advisory: ALAS-2023-2140
Advisory Release Date: 2023-07-17 17:40 Pacific
Advisory Updated Date: 2023-07-19 22:18 Pacific

Severity: Medium

References: CVE-2022-4899
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun. (CVE-2022-4899)

Affected Packages:

zstd

Issue Correction:
Run yum update zstd to update your system.

New Packages:

aarch64:
    zstd-1.5.2-1.amzn2.0.1.aarch64
    libzstd-1.5.2-1.amzn2.0.1.aarch64
    libzstd-devel-1.5.2-1.amzn2.0.1.aarch64
    libzstd-static-1.5.2-1.amzn2.0.1.aarch64
    zstd-debuginfo-1.5.2-1.amzn2.0.1.aarch64

i686:
    zstd-1.5.2-1.amzn2.0.1.i686
    libzstd-1.5.2-1.amzn2.0.1.i686
    libzstd-devel-1.5.2-1.amzn2.0.1.i686
    libzstd-static-1.5.2-1.amzn2.0.1.i686
    zstd-debuginfo-1.5.2-1.amzn2.0.1.i686

src:
    zstd-1.5.2-1.amzn2.0.1.src

x86_64:
    zstd-1.5.2-1.amzn2.0.1.x86_64
    libzstd-1.5.2-1.amzn2.0.1.x86_64
    libzstd-devel-1.5.2-1.amzn2.0.1.x86_64
    libzstd-static-1.5.2-1.amzn2.0.1.x86_64
    zstd-debuginfo-1.5.2-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2022-4899

Mitre: CVE-2022-4899

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2023-2140

ALAS2-2023-2140

Additional References

Vulmon Search

About

Products

Connect