CVE-2019-11922
Description
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.634
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| fast lossless compression algorithm -- development files (USN-4108-1) zstd_1.3.3+dfsg-2ubuntu1.1_i386.deb | Linux |
| fast lossless compression algorithm -- development files (USN-4108-1) zstd_1.3.3+dfsg-2ubuntu1.1_amd64.deb | Linux |
| fast lossless compression algorithm -- development files (USN-4108-1) libzstd1_1.3.3+dfsg-2ubuntu1.1_i386.deb | Linux |
| fast lossless compression algorithm -- development files (USN-4108-1) libzstd1_1.3.3+dfsg-2ubuntu1.1_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234