PyPi: Zstd

CVE-2022-4899

Transitive

Safety vulnerability ID: 62711

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 31, 2023 Updated at Dec 19, 2023

Advisory

python-zstd 1.5.5.1 upgrades its bundled zstd library from 1.5.4 to 1.5.5. That upstream release includes the fix for CVE-2022-4899, a flaw found in zstd 1.4.10: supplying an empty string as an argument to the zstd command-line tool could cause a buffer overrun. Note that the defect lies in the command-line tool rather than in the library API the Python bindings expose; upgrading to python-zstd 1.5.5.1 nevertheless picks up the fixed upstream release.
https://github.com/facebook/zstd/pull/3220/commits/e1873ad576cb478fff0e6e44ad99599cd5fd2846
https://github.com/sergey-dryabzhinsky/python-zstd/commit/4bf2a020aaa5055ff4a61fd11de3afe195b1c3d7
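The practical check that follows from the advisory is whether an installed python-zstd carries the fixed library, comparing versions numerically rather than as strings (a lexical comparison ranks "1.5.10" below "1.5.5"). The script below is an added example, not code from the advisory or from the python-zstd project. It assumes the module-level helpers the python-zstd README documents, zstd.version() for the bindings version (e.g. "1.5.5.1") and zstd.ZSTD_version() for the bundled library version (e.g. "1.5.5"); both calls are guarded so the comparison logic runs even where the module is absent. The fix thresholds 1.5.5.1 and 1.5.5 are taken from the advisory text above.

```python
"""Check whether an installed python-zstd build carries the fixed upstream zstd.

Added example, not code from the advisory or the python-zstd project.
Assumes python-zstd exposes zstd.version() (bindings version, e.g. "1.5.5.1")
and zstd.ZSTD_version() (bundled library version, e.g. "1.5.5"), as its README
documents; both are wrapped so the script still runs without the module.
"""
import re
from typing import Optional, Tuple

# Thresholds stated in the advisory: bindings 1.5.5.1 ship library 1.5.5.
FIXED_BINDINGS = (1, 5, 5, 1)
FIXED_LIBRARY = (1, 5, 5)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn "1.5.10" into (1, 5, 10) so comparison is numeric, not lexical."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_fixed(version: str, threshold: Tuple[int, ...]) -> bool:
    """True when `version` is at or above `threshold`; missing parts count as 0."""
    parsed = parse_version(version)
    width = max(len(parsed), len(threshold))

    def pad(v: Tuple[int, ...]) -> Tuple[int, ...]:
        return v + (0,) * (width - len(v))

    return pad(parsed) >= pad(threshold)


def assess(bindings_version: str, library_version: Optional[str]) -> dict:
    """Classify a (bindings, bundled library) pair against the advisory.

    The library version wins when both are known: python-zstd can also be
    built against an external libzstd, so the library number is the one that
    actually decides whether the fixed code is present.
    """
    bindings_ok = is_fixed(bindings_version, FIXED_BINDINGS)
    library_ok = is_fixed(library_version, FIXED_LIBRARY) if library_version else None
    decisive = bindings_ok if library_ok is None else library_ok
    return {
        "bindings": bindings_version,
        "library": library_version,
        "verdict": "fixed" if decisive else "vulnerable",
    }


def assess_installed() -> Optional[dict]:
    """Inspect the zstd module if it is importable; None when it is not."""
    try:
        import zstd  # python-zstd; assumption: exposes version()/ZSTD_version()
    except ImportError:
        return None
    bindings = zstd.version() if hasattr(zstd, "version") else "0"
    library = zstd.ZSTD_version() if hasattr(zstd, "ZSTD_version") else None
    return assess(bindings, library)


if __name__ == "__main__":
    result = assess_installed()
    print(result if result else "python-zstd is not installed in this interpreter")
```

Run it inside the virtual environment that ships the application; a result of "vulnerable" with a library version below 1.5.5 means the bundled zstd predates the fix regardless of what the bindings version string says.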

Affected package

zstd

Latest version: 1.5.5.1

ZSTD Bindings for Python

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Impact (A)
HIGH