
CVE-2021-24032

Published: 04/03/2021 Updated: 28/04/2021
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
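The create-then-restrict pattern described above, next to a creation call that applies the restrictive mode atomically. This is an added example, not code from zstd or from this advisory. The function names, the `/tmp` file names and the 022 umask are assumptions made for the demonstration; 0600 is the mode named in the vendor advisory on this page.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits another local user would see for path, or -1. */
static int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Racy pattern: create with default permissions (fopen() requests 0666,
 * masked by the umask), restrict afterwards. Returns the mode the file
 * had in the window between creation and chmod(). */
int window_mode_create_then_chmod(const char *path) {
    mode_t old = umask(022);          /* assumed typical default umask */
    unlink(path);
    FILE *f = fopen(path, "wb");
    umask(old);
    if (!f) return -1;
    int window = mode_of(path);       /* file is already visible here */
    chmod(path, 0600);                /* tightened only after the fact */
    fclose(f);
    unlink(path);
    return window;
}

/* Hardened pattern: the same open() call that creates the file sets
 * 0600, so no wider mode ever exists. O_EXCL also refuses to reuse a
 * pre-existing file or symlink at that name. */
int window_mode_create_restricted(const char *path) {
    mode_t old = umask(022);
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    umask(old);
    if (fd < 0) return -1;
    int window = mode_of(path);
    close(fd);
    unlink(path);
    return window;
}

int main(void) {
    printf("create then chmod: %04o\n",
           (unsigned)window_mode_create_then_chmod("/tmp/perm_demo_racy.tmp"));
    printf("created as 0600:   %04o\n",
           (unsigned)window_mode_create_restricted("/tmp/perm_demo_safe.tmp"));
    return 0;
}
```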

Vendor Advisories

No description is available for this CVE ...
A security issue was found in zstd before version 1.4.9. During compression and decompression, files were created with the default umask before tightening the file permissions to 0600. By exploiting this race condition, attackers could read or write files they would otherwise not be allowed to access ...