CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
55.2%
A vulnerability was found in zstd v1.4.10, where an attacker can supply
empty string as an argument to the command line tool to cause buffer
overrun.
Author | Note |
---|---|
ccdm94 | The vulnerable code was introduced by commit 9a8ccd4b (v1.4.6). The vulnerable function is therefore not present in focal and earlier. |
mdeslaur | crash via out of bounds read because of incorrect command line arguments, this is a low priority issue. |