Facebook Zstandard
By the Year
In 2023 there have been 0 vulnerabilities in Facebook Zstandard . Zstandard did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 5.10 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 8.10 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Zstandard vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Facebook Zstandard Security Vulnerabilities
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions
CVE-2021-24031
5.5 - Medium
- March 04, 2021
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
Incorrect Default Permissions
Beginning in v1.4.1 and prior to v1.4.9
CVE-2021-24032
4.7 - Medium
- March 04, 2021
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
Incorrect Default Permissions
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could
CVE-2019-11922
8.1 - High
- July 25, 2019
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Race Condition
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Facebook Zstandard or by Facebook? Click the Watch button to subscribe.
