Bugzilla – Bug 1142941
VUL-1: CVE-2019-11922: zstd: race condition in one-pass compression functions could allow out of bounds write
Last modified: 2023-04-06 09:33:26 UTC
CVE-2019-11922

A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922
https://www.facebook.com/security/advisories/cve-2019-11922
https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
This is an autogenerated message for OBS integration:
This bug (1142941) was mentioned in
https://build.opensuse.org/request/show/720572 Factory / zstd
https://build.opensuse.org/request/show/720573 15.0 / zstd

This is an autogenerated message for OBS integration:
This bug (1142941) was mentioned in
https://build.opensuse.org/request/show/720651 15.1 / zstd
openSUSE-SU-2019:1845-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (moderate)
Bug References: 1082318,1133297,1142941
CVE References: CVE-2019-11922
Sources used:
openSUSE Leap 15.1 (src): zstd-1.4.2-lp151.3.3.1

openSUSE-SU-2019:1952-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (moderate)
Bug References: 1082318,1133297,1142941
CVE References: CVE-2019-11922
Sources used:
openSUSE Leap 15.0 (src): zstd-1.4.2-lp150.2.3.1

openSUSE-SU-2019:2008-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (moderate)
Bug References: 1082318,1133297,1142941
CVE References: CVE-2019-11922
Sources used:
openSUSE Backports SLE-15-SP1 (src): zstd-1.4.2-bp151.4.3.1
openSUSE Backports SLE-15 (src): zstd-1.4.2-bp150.3.3.1
Fixed in all stable releases. Tumbleweed already had the fix.