VDB
CVE-2019-11922
CVE-2019-11922
PUBLISHED
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
EPSS 0.62% · 70.3th percentile
Risk Scores
EPSS Score
0.62%
70.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libzstd | 0, 1.3.1+dfsg-1, 1.3.2+dfsg-1 |
| Ubuntu:Pro:16.04:LTS | libzstd | 0, 0.4.5-1, 0.5.1-1 |
Timeline
- Jul 25, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-11922 third-party-advisory
- https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0 third-party-advisory
- https://www.facebook.com/security/advisories/cve-2019-11922 third-party-advisory
- https://ubuntu.com/security/notices/USN-4108-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5593-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-11922 third-party-advisory