CVE-2022-4899

Summary

CVE	CVE-2022-4899
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-31 20:15:00 UTC
Updated	2023-11-07 03:59:00 UTC
Description	A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Risk And Classification

Problem Types: CWE-400

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Facebook	Zstandard	1.4.10	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 38 Update: community-mysql-8.0.34-2.fc38 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 37 Update: community-mysql-8.0.34-2.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Buffer overrun can happen in util.c · Issue #3200 · facebook/zstd · GitHub	MISC	github.com
July 2023 MySQL Server Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[SECURITY] Fedora 38 Update: community-mysql-8.0.34-2.fc38 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 39 Update: community-mysql-8.0.34-2.fc39 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 37 Update: community-mysql-8.0.34-2.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 39 Update: community-mysql-8.0.34-2.fc39 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

161370 Oracle Enterprise Linux Security Update for mysql:8.0 (ELSA-2024-0894)
161403 Oracle Enterprise Linux Security Update for mysql (ELSA-2024-1141)
182570 Debian Security Update for libzstd (CVE-2022-4899)
242979 Red Hat Update for mysql:8.0 (RHSA-2024:0894)
243035 Red Hat Update for mysql (RHSA-2024:1141)
283834 Fedora Security Update for mingw (FEDORA-2023-7fd02c2367)
283835 Fedora Security Update for mingw (FEDORA-2023-af177441a9)
284234 Fedora Security Update for mingw (FEDORA-2023-d451c1919f)
284517 Fedora Security Update for community (FEDORA-2023-492105ed08)
284518 Fedora Security Update for community (FEDORA-2023-a9283d639f)
285265 Fedora Security Update for community (FEDORA-2023-9ccff0b1b7)
296105 Oracle Solaris 11.4 Support Repository Update (SRU) 63.157.1 Missing (CPUOCT2023)
355594 Amazon Linux Security Advisory for zstd : ALAS2-2023-2140
355642 Amazon Linux Security Advisory for zstd : ALAS2023-2023-244
378678 Oracle MySQL Connector Critical Patch Update (CPU) July 2023 (CPUJULY2023)
379631 Alibaba Cloud Linux Security Update for mysql:8.0 (ALINUX3-SA-2024:0032)
673539 EulerOS Security Update for zstd (EulerOS-SA-2023-3046)
673838 EulerOS Security Update for zstd (EulerOS-SA-2023-3023)
691232 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (759a5599-3ce8-11ee-a0d1-84a93843eb75)
753973 SUSE Enterprise Linux Security Update for zstd (SUSE-SU-2023:2074-1)
908004 Common Base Linux Mariner (CBL-Mariner) Security Update for zstd (25813)
908083 Common Base Linux Mariner (CBL-Mariner) Security Update for zstd (25813-1)
941595 AlmaLinux Security Update for mysql:8.0 (ALSA-2024:0894)
941616 AlmaLinux Security Update for mysql (ALSA-2024:1141)