Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: facebook
Published: 2021-03-04T20:15:21
Updated: 2024-08-03T19:21:17.115Z
Reserved: 2021-01-13T00:00:00
Link: CVE-2021-24032
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-04T21:15:12.963
Modified: 2024-11-21T05:52:14.943
Link: CVE-2021-24032
Redhat