- Vulnerability/
- CVE-2021-24031
CVE-2021-24031
First published: Thu Mar 04 2021(Updated: )
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Zstandard | <1.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24031?
CVE-2021-24031 is a vulnerability in the Zstandard command-line utility prior to v1.4.1 that allows output files to be readable or writable to unintended parties.
What is the severity of CVE-2021-24031?
CVE-2021-24031 has a severity value of 5.5, which is considered medium.
How does CVE-2021-24031 impact the Zstandard command-line utility?
CVE-2021-24031 impacts the Zstandard command-line utility by creating output files with default permissions, making them readable or writable to unintended parties.
What is the affected version of the Zstandard command-line utility?
The Zstandard command-line utility version prior to v1.4.1 is affected by CVE-2021-24031.
Is there a fix available for CVE-2021-24031?
Yes, the fix for CVE-2021-24031 is available in Zstandard command-line utility version 1.4.1 and above.
- collector/nvd-index
- vendor/facebook
- product/zstandard
- canonical/facebook zstandard