In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: facebook

Published: 2021-03-04T20:15:21

Updated: 2024-08-03T19:21:17.205Z

Reserved: 2021-01-13T00:00:00

Link: CVE-2021-24031

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-04T21:15:12.743

Modified: 2024-11-21T05:52:14.813

Link: CVE-2021-24031

cve-icon Redhat

Severity : Low

Publid Date: 2021-02-11T00:00:00Z

Links: CVE-2021-24031 - Bugzilla