What is CVE-2021-24032?

CVE-2021-24032 is a vulnerability in the Zstandard command-line utility that creates output files with default permissions, which could momentarily make them readable or writable to unintended users.

What is the severity of CVE-2021-24032?

CVE-2021-24032 has a severity score of 4.7, which is classified as medium.

How does CVE-2021-24032 affect Facebook Zstandard?

CVE-2021-24032 affects Facebook Zstandard versions between 1.4.1 and 1.4.9.

Are there any known fixes for CVE-2021-24032?

Yes, updating to Facebook Zstandard version 1.4.9 or later fixes the vulnerability.

Where can I find more information about CVE-2021-24032?

You can find more information about CVE-2021-24032 on the Debian bug report, GitHub issue, and Facebook security advisory.

Vulnerability/
CVE-2021-24032

medium

4.7

CWE

276 277

12/2/2021

4/3/2021

21/8/2024

CVE-2021-24032

First published: Fri Feb 12 2021(Updated: )

Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.

Credit: cve-assign@fb.com

Affected Software	Affected Version	How to fix
Facebook Zstandard	>=1.4.1<1.4.9
redhat/zstd	<1.4.9	1.4.9

Remedy

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519

Remedy

https://github.com/facebook/zstd/issues/2491

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-24032?
CVE-2021-24032 is a vulnerability in the Zstandard command-line utility that creates output files with default permissions, which could momentarily make them readable or writable to unintended users.
What is the severity of CVE-2021-24032?
CVE-2021-24032 has a severity score of 4.7, which is classified as medium.
How does CVE-2021-24032 affect Facebook Zstandard?
CVE-2021-24032 affects Facebook Zstandard versions between 1.4.1 and 1.4.9.
Are there any known fixes for CVE-2021-24032?
Yes, updating to Facebook Zstandard version 1.4.9 or later fixes the vulnerability.
Where can I find more information about CVE-2021-24032?
You can find more information about CVE-2021-24032 on the Debian bug report, GitHub issue, and Facebook security advisory.

collector/nvd-index
agent/weakness
agent/type
agent/remedy
agent/severity
agent/references
agent/author
agent/softwarecombine
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-24032
agent/software-canonical-lookup
agent/last-modified-date
agent/trending
vendor/facebook
canonical/facebook zstandard
version/facebook zstandard/1.4.1
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.