Race Condition Vulnerability in Zstandard Compression Functions by Facebook
CVE-2019-11922
8.1HIGH
What is CVE-2019-11922?
A race condition exists within the one-pass compression functions of Zstandard, affecting versions prior to 1.3.8. This vulnerability arises when an attacker utilizes an output buffer smaller than the recommended size, potentially enabling unauthorized write operations beyond intended memory bounds. This can lead to data corruption or unexpected behavior in applications relying on Zstandard for data compression. It is critical for users to update to the latest version to mitigate risks.
Affected Version(s)
Zstandard 1.3.8
Zstandard < 1.3.8