Vulnerabilities > Facebook > Zstandard
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-31 | CVE-2022-4899 | Resource Exhaustion vulnerability in Facebook Zstandard 1.4.10 A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. | 7.5 |
| 2021-03-04 | CVE-2021-24032 | Incorrect Default Permissions vulnerability in Facebook Zstandard 1.4.1/1.4.2 Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. | 1.9 |
| 2021-03-04 | CVE-2021-24031 | Incorrect Default Permissions vulnerability in Facebook Zstandard In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. | 2.1 |
| 2019-07-25 | CVE-2019-11922 | Race Condition vulnerability in Facebook Zstandard A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. | 6.8 |