CPANSA-Sereal-Decoder-2021-24031-zstd: Sereal-Decoder vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2021-03-04T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2021-03-04T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 5.5 | Severity | Medium |
Original language | | Language | en |
Also referred to |
Vulnerability Description
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
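The window described above, next to a creation pattern that closes it. This is an added example, not code from zstd, Sereal-Decoder or the advisory; the function names, the temporary path and the 0640 input mode are assumptions made for the illustration.

```c
/* Added illustration, not zstd or Sereal-Decoder source; names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
static int mode_of(const char *path) {   /* permission bits, or -1 */
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Advisory's pattern: default permissions (0666 & ~umask) during the write. */
static int create_default(const char *path) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fputs("constructed sample data\n", f);
    int during = mode_of(path);   /* what other local users see mid-write */
    fclose(f);
    return during;
}

/* Hardened: owner-only at creation, O_EXCL, input's mode set at completion. */
static int create_restricted(const char *path, mode_t final_mode, int *during) {
    const char data[] = "constructed sample data\n";
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, data, sizeof data - 1) >= 0;
    *during = mode_of(path);
    ok = ok && fchmod(fd, final_mode) == 0;
    close(fd);
    return ok ? mode_of(path) : -1;
}

/* out = {default mid-write, restricted mid-write, restricted final}. */
int demo(int out[3]) {
    char dir[] = "/tmp/permdemoXXXXXX", a[64], b[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/a.out", dir);
    snprintf(b, sizeof b, "%s/b.out", dir);
    mode_t old = umask(022);                 /* common default umask */
    out[0] = create_default(a);
    out[2] = create_restricted(b, 0640, &out[1]);  /* 0640: assumed input mode */
    umask(old); unlink(a); unlink(b); rmdir(dir);
    return 0;
}

int main(void) {
    int m[3];
    return demo(m) || printf("%04o %04o %04o\n", m[0], m[1], m[2]) < 0;
}
```

Under umask 022 the first file is world-readable (0644) for the whole write, while the second stays 0600 until `fchmod` applies the final mode.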
Vulnerabilities
CVE-2021-24031
Vulnerability Description
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
Weakness | CWE-277 : Insecure Inherited Permissions |
---|---|
Product status
Known affected
Product | Score |
---|---|
Sereal-Decoder greater than or equal 4.001_001 and less than 4.009_002 | |
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Sereal-Decoder-2021-24031-zstd JSON self
  https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2021/cpansa-sereal-decoder-2021-24031-zstd.json
- https://www.facebook.com/security/advisories/cve-2021-24031 external
  https://www.facebook.com/security/advisories/cve-2021-24031
- https://github.com/facebook/zstd/issues/1630 external
  https://github.com/facebook/zstd/issues/1630
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404 external
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404
- CVE-2021-24031 (NVD) external
  https://nvd.nist.gov/vuln/detail/CVE-2021-24031
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Thu Mar 4 00:00:00 2021 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/