DEBIAN-CVE-2022-4899 — Vulnetix

DEBIAN-CVE-2022-4899 PUBLISHED CVSS 7.5 HIGH

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	libzstd	0, 0, 0
Debian:13	libzstd	0, 0, 0
Debian:11	libzstd	1.5.2+dfsg2, 1.5.2+dfsg2, 1.5.2+dfsg2
Debian:12	libzstd	0, 0, 0

Timeline

Mar 31, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-4899 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›