CVE-2022-4899

zstd vulnerable to buffer overrun

A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command-line tool to cause a buffer overrun.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score: 7.5
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions: github.com/facebook/zstd < 1.5.4; zstd < 1.5.4.0
Severity: High
Ecosystem: Python
Publish Date: March 31, 2023
Modified Date: November 19, 2024