CVE-2021-24031

Published: 10 February 2021

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
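The window described above can be observed directly. This is an added C example, not code from zstd or from the upstream patches. The helper `mode_while_writing`, the scratch path and the sample modes are constructed for illustration. It compares creating the output with default permissions against creating it owner-only, with the input's mode applied at completion in both cases.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not zstd code). Creates an output file with create_mode
 * under a typical umask of 022, records the permission bits in effect while
 * data is being written, then applies input_mode at completion.
 * Returns the in-progress mode or -1 on error; *final_mode gets the end state. */
int mode_while_writing(mode_t create_mode, mode_t input_mode, int *final_mode)
{
    char dir[] = "/tmp/perm-demo-XXXXXX"; /* constructed scratch dir, created 0700 */
    char path[64];
    struct stat st;
    int during = -1;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/out.zst", dir);

    mode_t old_umask = umask(022);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, create_mode);
    umask(old_umask);
    if (fd >= 0) {
        if (write(fd, "secret", 6) == 6 && fstat(fd, &st) == 0)
            during = (int)(st.st_mode & 0777);      /* the exposure window */
        if (fchmod(fd, input_mode) == 0 && fstat(fd, &st) == 0)
            *final_mode = (int)(st.st_mode & 0777); /* state after completion */
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return during;
}

int main(void)
{
    int fin = 0;
    /* Behaviour in the advisory: default permissions (0666 masked by the
     * umask, as fopen() requests) until the run completes. */
    int weak = mode_while_writing(0666, 0600, &fin);
    printf("default create: %04o while writing, %04o at completion\n", (unsigned)weak, (unsigned)fin);
    /* Hardened: owner-only from creation, input mode applied at the end. */
    int safe = mode_while_writing(0600, 0600, &fin);
    printf("0600 create:    %04o while writing, %04o at completion\n", (unsigned)safe, (unsigned)fin);
    return ((weak & 077) != 0 && (safe & 077) == 0) ? 0 : 1;
}
```

With a private input (mode 0600), the first call leaves the partially written output group- and world-readable until completion; the second never grants more than the owner's access.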

Priority

Medium

CVSS 3 Severity Score

5.5

Status

Package: libzstd (Launchpad, Ubuntu, Debian)

Release Status
impish Not vulnerable (1.4.8+dfsg-1)
jammy Not vulnerable (1.4.8+dfsg-1)
lunar Not vulnerable (1.4.8+dfsg-1)
upstream Released (1.4.8+dfsg-1)
xenial Released (1.3.1+dfsg-1~ubuntu0.16.04.1+esm3), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
bionic Released (1.3.3+dfsg-2ubuntu1.2)
focal Released (1.4.4+dfsg-3ubuntu0.1)
groovy Released (1.4.5+dfsg-4ubuntu0.1)
hirsute Not vulnerable (1.4.8+dfsg-1)
trusty Does not exist
kinetic Not vulnerable (1.4.8+dfsg-1)
mantic Not vulnerable (1.4.8+dfsg-1)

Patches:
upstream: https://github.com/facebook/zstd/pull/1644/commits/3968160a916a759c3d3418da533e1b4f8b795343
upstream: https://github.com/facebook/zstd/pull/1644/commits/af80f6dfacafcc2c916ecd57731107221e1f9986

Severity score breakdown

Parameter Value
Base score 5.5
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N