CVE-2019-11922

EPSS 1.4%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

25 Jul 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Affected products

Facebook · Zstandard

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00078.html https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0 https://usn.ubuntu.com/4108-1/https://www.facebook.com/security/advisories/cve-2019-11922 https://www.oracle.com/security-alerts/cpuoct2020.html