Vulnerabilities > CVE-2019-11922 - Race Condition vulnerability in Facebook Zstandard

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
facebook
CWE-362
nessus

Summary

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and the normal execution flow. For instance, a race condition can occur while a file is being accessed: the attacker can trick the system by replacing the original file with their own version, causing the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) of a resource and the time of use of that resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that they modify the resource between the first time the target program accesses the file and the time the target program uses it. During that window, the attacker could, for example, replace the file and cause an escalation of privilege.

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4108-1.NASL
    description: It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128075
    published: 2019-08-22
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128075
    title: Ubuntu 18.04 LTS : libzstd vulnerability (USN-4108-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4108-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when the engine sets `description`, the plugin only
    # declares its metadata and leaves through the exit(0) at the end of this
    # block; none of the host checks further down run in that pass.
    if (description)
    {
      script_id(128075);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/02");
    
      # Cross-references: the single CVE this plugin tracks and the Ubuntu
      # Security Notice it was generated from.
      script_cve_id("CVE-2019-11922");
      script_xref(name:"USN", value:"4108-1");
    
      script_name(english:"Ubuntu 18.04 LTS : libzstd vulnerability (USN-4108-1)");
      # The summary names the method: package versions taken from dpkg output
      # are compared. Nothing in this script exercises the library itself.
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      # Advisory wording copied as-is (see the note inside the string). It is
      # generic: it does not say what kind of flaw this is or under which
      # conditions it is reachable, so triage needs the CVE record as well.
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Zstandard incorrectly handled certain inputs.
    An attacker could possibly use this issue to execute arbitrary code.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4108-1/"
      );
      # Remediation is a package update of libzstd1 and/or zstd.
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libzstd1 and / or zstd packages."
      );
      # Severity metadata: CVSS v2 and v3 base vectors plus their temporal
      # vectors. The v3 base vector carries AC:H (high attack complexity); both
      # temporal vectors carry E:U, in line with the exploitability_ease text.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Declared as a local check; the CPE entries name the two packages and
      # the one OS release (18.04 LTS) this plugin applies to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libzstd1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zstd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # The plugin depends on ssh_get_info.nasl and requires these KB keys.
      # "Host/local_checks_enabled" is not listed here; it is tested at run
      # time in the code after this block instead.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Applicability gates. Each failed gate leaves through audit(), which comes
    # from audit.inc (not shown here).
    # NOTE(review): the statements that follow each gate assume audit() ends
    # the run -- confirm against audit.inc.
    # Gate: the knowledge base must mark local checks as enabled.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Gate: the host must report an Ubuntu release, and it must be exactly 18.04.
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04", "Ubuntu " + release);
    # Gate: a dpkg package list must already be in the knowledge base.
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate: only x86_64 and i386..i686 hosts are evaluated (">!<" is NASL's
    # "is not a substring of"). Any other architecture audits out as "not
    # implemented", so such a host yields no finding from this plugin whatever
    # package version it has installed.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Counts how many of the package checks below returned true.
    flag = 0;
    
    # Package checks against version 1.3.3+dfsg-2ubuntu1.1.
    # NOTE(review): ubuntu_check() is defined in ubuntu.inc (not shown);
    # presumably it returns true when the installed package is older than
    # pkgver -- confirm. Only the libzstd1 and zstd packages are looked at;
    # copies of zstd built into other software are outside this check.
    if (ubuntu_check(osver:"18.04", pkgname:"libzstd1", pkgver:"1.3.3+dfsg-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"zstd", pkgver:"1.3.3+dfsg-2ubuntu1.1")) flag++;
    
    if (flag)
    {
      # At least one check fired: report once on port 0 at warning severity,
      # with the text from ubuntu_report_get() as the finding detail.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing fired: distinguish "packages were tested and are not affected"
      # from "none of the packages is installed" in the audit message.
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libzstd1 / zstd");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1952.NASL
    description: This update for zstd fixes the following issues : - Update to version 1.4.2 : - bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696) - bug: Fix seekable decompression in-memory API by @iburinoc (#1695) - bug: Close minor memory leak in CLI by @LeeYoung624 (#1701) - misc: Validate blocks are smaller than size limit by @vivekmig (#1685) - misc: Restructure source files by @ephiepark (#1679) - Update to version 1.4.1 : - bug: Fix data corruption in niche use cases by @terrelln (#1659) - bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594, #1595) - bug: Fix out of bounds read by @terrelln (#1590) - perf: Improve decode speed by ~7% @mgrice (#1668) - perf: Slightly improved compression ratio of level 3 and 4 (ZSTD_dfast) by @cyan4973 (#1681) - perf: Slightly faster compression speed when re-using a context by @cyan4973 (#1658) - perf: Improve compression ratio for small windowLog by @cyan4973 (#1624) - perf: Faster compression speed in high compression mode for repetitive data by @terrelln (#1635) - api: Add parameter to generate smaller dictionaries by @tyler-tran (#1656) - cli: Recognize symlinks when built in C99 mode by @felixhandte (#1640) - cli: Expose cpu load indicator for each file on -vv mode by @ephiepark (#1631) - cli: Restrict read permissions on destination files by @chungy (#1644) - cli: zstdgrep: handle -f flag by @felixhandte (#1618) - cli: zstdcat: follow symlinks by @vejnar (#1604) - doc: Remove extra size limit on compressed blocks by @felixhandte (#1689) - doc: Fix typo by @yk-tanigawa (#1633) - doc: Improve documentation on streaming buffer sizes by @cyan4973 (#1629) - build: CMake: support building with LZ4 @leeyoung624 (#1626) - build: CMake: install zstdless and zstdgrep by @leeyoung624 (#1647) - build: CMake: respect existing uninstall target by @j301scott (#1619) - build: Make: skip multithread tests when built without support by @michaelforney (#1620) - build: Make: Fix examples/ test target by @sjnam (#1603) - build: Meson: rename options out of deprecated namespace by @lzutao (#1665) - build: Meson: fix build by @lzutao (#1602) - build: Visual Studio: don… [truncated here; the full text is in the plugin code below]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128015
    published: 2019-08-20
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128015
    title: openSUSE Security Update : zstd (openSUSE-2019-1952)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1952.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: when the engine sets `description`, the plugin only
    # declares its metadata and leaves through the exit(0) at the end of this
    # block; none of the host checks further down run in that pass.
    if (description)
    {
      script_id(128015);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      # The only CVE this plugin tracks.
      script_cve_id("CVE-2019-11922");
    
      script_name(english:"openSUSE Security Update : zstd (openSUSE-2019-1952)");
      script_summary(english:"Check for the openSUSE-2019-1952 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # The description is the package changelog for the whole update, from
      # 1.3.5 up to 1.4.2. The security-relevant entry is the one line under
      # "zstd 1.3.8" that names CVE-2019-11922 and boo#1142941; everything else
      # in the string is feature, performance and build history.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for zstd fixes the following issues :
    
      - Update to version 1.4.2 :
    
      - bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696)
    
      - bug: Fix seekable decompression in-memory API by
        @iburinoc (#1695)
    
      - bug: Close minor memory leak in CLI by @LeeYoung624
        (#1701)
    
      - misc: Validate blocks are smaller than size limit by
        @vivekmig (#1685)
    
      - misc: Restructure source files by @ephiepark (#1679)
    
      - Update to version 1.4.1 :
    
      - bug: Fix data corruption in niche use cases by @terrelln
        (#1659)
    
      - bug: Fuzz legacy modes, fix uncovered bugs by @terrelln
        (#1593, #1594, #1595)
    
      - bug: Fix out of bounds read by @terrelln (#1590)
    
      - perf: Improve decode speed by ~7% @mgrice (#1668)
    
      - perf: Slightly improved compression ratio of level 3 and
        4 (ZSTD_dfast) by @cyan4973 (#1681)
    
      - perf: Slightly faster compression speed when re-using a
        context by @cyan4973 (#1658)
    
      - perf: Improve compression ratio for small windowLog by
        @cyan4973 (#1624)
    
      - perf: Faster compression speed in high compression mode
        for repetitive data by @terrelln (#1635)
    
      - api: Add parameter to generate smaller dictionaries by
        @tyler-tran (#1656)
    
      - cli: Recognize symlinks when built in C99 mode by
        @felixhandte (#1640)
    
      - cli: Expose cpu load indicator for each file on -vv mode
        by @ephiepark (#1631)
    
      - cli: Restrict read permissions on destination files by
        @chungy (#1644)
    
      - cli: zstdgrep: handle -f flag by @felixhandte (#1618)
    
      - cli: zstdcat: follow symlinks by @vejnar (#1604)
    
      - doc: Remove extra size limit on compressed blocks by
        @felixhandte (#1689)
    
      - doc: Fix typo by @yk-tanigawa (#1633)
    
      - doc: Improve documentation on streaming buffer sizes by
        @cyan4973 (#1629)
    
      - build: CMake: support building with LZ4 @leeyoung624
        (#1626)
    
      - build: CMake: install zstdless and zstdgrep by
        @leeyoung624 (#1647)
    
      - build: CMake: respect existing uninstall target by
        @j301scott (#1619)
    
      - build: Make: skip multithread tests when built without
        support by @michaelforney (#1620)
    
      - build: Make: Fix examples/ test target by @sjnam (#1603)
    
      - build: Meson: rename options out of deprecated namespace
        by @lzutao (#1665)
    
      - build: Meson: fix build by @lzutao (#1602)
    
      - build: Visual Studio: don't export symbols in static lib
        by @scharan (#1650)
    
      - build: Visual Studio: fix linking by @absotively (#1639)
    
      - build: Fix MinGW-W64 build by @myzhang1029 (#1600)
    
      - misc: Expand decodecorpus coverage by @ephiepark (#1664)
    
      - Add baselibs.conf: libarchive gained zstd support and
        provides
    
        -32bit libraries. This means, zstd also needs to provide
        -32bit libs.
    
      - Update to new upstream release 1.4.0
    
      - perf: level 1 compression speed was improved
    
      - cli: added --[no-]compress-literals flag to enable or
        disable literal compression
    
      - Reword 'real-time' in description by some actual
        statistics, because 603MB/s (lowest zstd level) is not
        'real-time' for quite some applications.
    
      - zstd 1.3.8 :
    
      - better decompression speed on large files (+7%) and cold
        dictionaries (+15%)
    
      - slightly better compression ratio at high compression
        modes
    
      - new --rsyncable mode
    
      - support decompression of empty frames into NULL (used to
        be an error)
    
      - support ZSTD_CLEVEL environment variable
    
      - --no-progress flag, preserving final summary
    
      - various CLI fixes
    
      - fix race condition in one-pass compression functions
        that could allow out of bounds write (CVE-2019-11922,
        boo#1142941)
    
      - zstd 1.3.7 :
    
      - fix ratio for dictionary compression at levels 9 and 10
    
      - add man pages for zstdless and zstdgrep
    
      - includes changes from zstd 1.3.6 :
    
      - faster dictionary builder, also the new default for
        --train
    
      - previous (slower, slightly higher quality) dictionary
        builder to be selected via --train-cover
    
      - Faster dictionary decompression and compression under
        memory limits with many dictionaries used simultaneously
    
      - New command --adapt for compressed network piping of
        data adjusted to the perceived network conditions
    
      - update to 1.3.5 :
    
      - much faster dictionary compression
    
      - small quality improvement for dictionary generation
    
      - slightly improved performance at high compression levels
    
      - automatic memory release for long duration contexts
    
      - fix overlapLog can be manually set
    
      - fix decoding invalid lz4 frames
    
      - fix performance degradation for dictionary compression
        when using advanced API
    
      - fix pzstd tests
    
      - enable pzstd (parallel zstd)
    
      - Use %license instead of %doc [boo#1082318]
    
      - Add disk _constraints to fix ppc64le build
    
      - Use FAT LTO objects in order to provide proper static
        library (boo#1133297)."
      );
      # Three bug references. In the description above, 1142941 is the one
      # cited next to the CVE; 1082318 and 1133297 are cited on the %license
      # and FAT LTO packaging entries.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133297"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142941"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected zstd packages.");
      # Severity metadata: CVSS v2 and v3 base vectors plus their temporal
      # vectors. The v3 base vector carries AC:H (high attack complexity); both
      # temporal vectors carry E:U, in line with the exploitability_ease text.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Declared as a local check; the CPE entries name the seven packages and
      # the one OS release (openSUSE 15.0) this plugin applies to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd-devel-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # The plugin depends on ssh_get_info.nasl and requires these KB keys,
      # including the local-checks flag and the RPM package list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Applicability gates. Each failed gate leaves through audit(), which comes
    # from audit.inc (not shown here).
    # NOTE(review): the statements that follow each gate assume audit() ends
    # the run -- confirm against audit.inc.
    # Gate: the knowledge base must mark local checks as enabled.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Gate: a SuSE release string must exist, must not start with SLED or SLES,
    # and must be exactly "SUSE15.0".
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    # Gate: an RPM package list must already be in the knowledge base.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate: only x86_64 hosts are evaluated. Any other architecture audits out
    # here, so such a host yields no finding from this plugin whatever package
    # version it has installed.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    # Counts how many of the package checks below returned true.
    flag = 0;
    
    # Package checks against the 1.4.2-lp150.2.3.1 builds of the update. The
    # reference is the version this update ships, while the description
    # attributes the CVE fix to upstream 1.3.8.
    # NOTE(review): rpm_check() is defined in rpm.inc (not shown); presumably
    # it returns true when the installed package is older than the reference --
    # confirm. Only these seven package names are looked at; copies of zstd
    # built into other software are outside this check.
    if ( rpm_check(release:"SUSE15.0", reference:"libzstd-devel-1.4.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libzstd-devel-static-1.4.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libzstd1-1.4.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libzstd1-debuginfo-1.4.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"zstd-1.4.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"zstd-debuginfo-1.4.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"zstd-debugsource-1.4.2-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      # At least one check fired: raise a warning on port 0. The package detail
      # from rpm_report_get() is attached only when report_verbosity > 0.
      # NOTE(review): report_verbosity is not set in this script; presumably it
      # comes from global_settings.inc -- confirm.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing fired: distinguish "packages were tested and are not affected"
      # from "none of the packages is installed" in the audit message.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libzstd-devel / libzstd-devel-static / libzstd1 / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1845.NASL
    description: This update for zstd to version 1.4.2 fixes the following issues : Security issues fixed : - CVE-2019-11922: Fixed race condition in one-pass compression functions that could allow out of bounds write (boo#1142941). Non-security issues fixed : - Added --[no-]compress-literals CLI flag to enable or disable literal compression. - Added new --rsyncable mode. - Added handling of -f flag to zstdgrep. - Added CPU load indicator for each file on -vv mode. - Changed --no-progress flag to preserve the final summary. - Added new command --adapt for compressed network piping of data adjusted to the perceived network conditions.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127834
    published: 2019-08-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127834
    title: openSUSE Security Update : zstd (openSUSE-2019-1845)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1845.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: when the engine sets `description`, the plugin only
    # declares its metadata and leaves through the exit(0) at the end of this
    # block; none of the host checks further down run in that pass.
    if (description)
    {
      script_id(127834);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      # The only CVE this plugin tracks.
      script_cve_id("CVE-2019-11922");
    
      script_name(english:"openSUSE Security Update : zstd (openSUSE-2019-1845)");
      script_summary(english:"Check for the openSUSE-2019-1845 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # The description separates the one security fix (CVE-2019-11922,
      # boo#1142941) from the non-security changes. The string contains the
      # literal text "&#9;" (an HTML tab entity) twice; it is runtime text and
      # is left untouched here.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for zstd to version 1.4.2 fixes the following issues :
    
    Security issues fixed :
    
    &#9; - CVE-2019-11922: Fixed race condition in one-pass compression
    functions that could allow out of bounds write (boo#1142941).
    
    Non-security issues fixed :
    
    &#9; - Added --[no-]compress-literals CLI flag to enable or disable
    literal compression.
    
      - Added new --rsyncable mode.
    
      - Added handling of -f flag to zstdgrep.
    
      - Added CPU load indicator for each file on -vv mode.
    
      - Changed --no-progress flag to preserve the final
        summary.
    
      - Added new command --adapt for compressed network piping
        of data adjusted to the perceived network conditions."
      );
      # Three bug references. Only 1142941 is mentioned in the description
      # above; 1082318 and 1133297 are listed without a matching entry there.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133297"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142941"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected zstd packages.");
      # Severity metadata: CVSS v2 and v3 base vectors plus their temporal
      # vectors. The v3 base vector carries AC:H (high attack complexity); both
      # temporal vectors carry E:U, in line with the exploitability_ease text.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Declared as a local check; the CPE entries name the nine packages
      # (including the -32bit variants) and the one OS release (openSUSE 15.1)
      # this plugin applies to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd-devel-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libzstd1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:zstd-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # The plugin depends on ssh_get_info.nasl and requires these KB keys,
      # including the local-checks flag and the RPM package list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Applicability gates. Each failed gate leaves through audit(), which comes
    # from audit.inc (not shown here).
    # NOTE(review): the statements that follow each gate assume audit() ends
    # the run -- confirm against audit.inc.
    # Gate: the knowledge base must mark local checks as enabled.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Gate: a SuSE release string must exist, must not start with SLED or SLES,
    # and must be exactly "SUSE15.1".
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    # Gate: an RPM package list must already be in the knowledge base.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate: only i586, i686 and x86_64 hosts are evaluated. Any other
    # architecture audits out here, so such a host yields no finding from this
    # plugin whatever package version it has installed.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # Counts how many of the package checks below returned true.
    flag = 0;
    
    # Package checks against the 1.4.2-lp151.3.3.1 builds of the update.
    # NOTE(review): rpm_check() is defined in rpm.inc (not shown); presumably
    # it returns true when the installed package is older than the reference --
    # confirm. Only these package names are looked at; copies of zstd built
    # into other software are outside this check.
    if ( rpm_check(release:"SUSE15.1", reference:"libzstd-devel-1.4.2-lp151.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libzstd-devel-static-1.4.2-lp151.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libzstd1-1.4.2-lp151.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libzstd1-debuginfo-1.4.2-lp151.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"zstd-1.4.2-lp151.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"zstd-debuginfo-1.4.2-lp151.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"zstd-debugsource-1.4.2-lp151.3.3.1") ) flag++;
    # The two -32bit compatibility packages carry an explicit cpu:"x86_64"
    # argument, unlike the checks above.
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libzstd1-32bit-1.4.2-lp151.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libzstd1-32bit-debuginfo-1.4.2-lp151.3.3.1") ) flag++;
    
    if (flag)
    {
      # At least one check fired: raise a warning on port 0. The package detail
      # from rpm_report_get() is attached only when report_verbosity > 0.
      # NOTE(review): report_verbosity is not set in this script; presumably it
      # comes from global_settings.inc -- confirm.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing fired: distinguish "packages were tested and are not affected"
      # from "none of the packages is installed" in the audit message.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libzstd-devel / libzstd-devel-static / libzstd1 / etc");
    }