CVE-2022-4899

Published: 31/03/2023 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause a buffer overrun.

Vulnerable Product

facebook zstandard 1.4.10

Vendor Advisories

In zstd, supplying an empty string as an argument to either --output-dir-flat or --output-dir-mirror may cause a buffer overrun (CVE-2022-4899) ...

Github Repositories

Combining the best - Canonical's Chisel with consumable SBOMs!

Results

This stuff is very hacky at the moment - it was hacked together in an afternoon!

Update @ 11-June-2023: Our SBOMs are now directly scannable by Trivy! Here is a scan of the chiselled stunnel container image:

$ trivy sbom base_image_stunnel_sbom.json
2023-06-15T23:23:51.606+0530 INFO Vulnerability scanning is enabled
2023-06-15T23:23:51.607+0530 INFO Detected SBOM format