Facebook Zstandard
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Facebook Zstandard.
By the Year
In 2025 there have been 0 vulnerabilities in Facebook Zstandard. Zstandard did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 1 | 7.50 |
2022 | 0 | 0.00 |
2021 | 2 | 5.10 |
2020 | 0 | 0.00 |
2019 | 1 | 8.10 |
2018 | 0 | 0.00 |
It may take a day or so for new Zstandard vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Facebook Zstandard Security Vulnerabilities
A vulnerability was found in zstd v1.4.10, where an attacker
CVE-2022-4899
7.5 - High
- March 31, 2023
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
Resource Exhaustion
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions
CVE-2021-24031
5.5 - Medium
- March 04, 2021
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
Incorrect Default Permissions
Beginning in v1.4.1 and prior to v1.4.9
CVE-2021-24032
4.7 - Medium
- March 04, 2021
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
Incorrect Default Permissions
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could
CVE-2019-11922
8.1 - High
- July 25, 2019
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Race Condition
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Facebook Zstandard or by Facebook? Click the Watch button to subscribe.
![subscribe](/images/undraw_subscriber_vabu.png)