CVE-2019-11922

Sažetak

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html
https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
https://usn.ubuntu.com/4108-1/
https://www.facebook.com/security/advisories/cve-2019-11922
https://www.oracle.com/security-alerts/cpuoct2020.html

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-10-2020 - 22:15

Objavljeno

25-07-2019 - 21:15