CVE-2019-11922: Race Condition
First published: Thu Jul 25 2019(Updated: )
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Credit: cve-assign@fb.com cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Zstandard | <1.3.8 | |
| debian/libzstd | 1.4.8+dfsg-2.1 1.5.4+dfsg2-5 1.5.6+dfsg-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html
- https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
- https://usn.ubuntu.com/4108-1/
- https://www.facebook.com/security/advisories/cve-2019-11922
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://launchpad.net/bugs/cve/CVE-2019-11922
- https://github.com/facebook/zstd/commit/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
- https://security-tracker.debian.org/tracker/CVE-2019-11922
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922
- https://nvd.nist.gov/vuln/detail/CVE-2019-11922
- https://ubuntu.com/security/CVE-2019-11922
Frequently Asked Questions
What is CVE-2019-11922?
CVE-2019-11922 is a vulnerability in the Zstandard compression library that could allow an attacker to write bytes out of bounds.
What is the severity of CVE-2019-11922?
CVE-2019-11922 has a severity rating of 8.1 (high).
How does CVE-2019-11922 affect Zstandard?
CVE-2019-11922 affects Zstandard versions prior to 1.3.8.
How can I fix CVE-2019-11922?
To fix CVE-2019-11922, it is recommended to update Zstandard to version 1.3.8 or later.
Where can I find more information about CVE-2019-11922?
You can find more information about CVE-2019-11922 on the MITRE CVE website, the GitHub repository for Zstandard, and the Facebook Security Advisories page.
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/trending
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/source
- vendor/facebook
- canonical/facebook zstandard
- package-manager/debian