Published: 25/07/2019 Updated: 20/10/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an malicious user to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Vulnerable Product	Search on Vulmon	Subscribe to Product
facebook zstandard

Zstandard could be made to execute arbitrary code if it received specially crafted input ...

A race condition in the one-pass compression functions of Zstandard prior to version 138 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used ...

CWE-362 https://www.facebook.com/security/advisories/cve-2019-11922 https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html https://usn.ubuntu.com/4108-1/http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html https://www.oracle.com/security-alerts/cpuoct2020.html https://usn.ubuntu.com/4108-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11922

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect