Auto-merge PR#974

2025-05-07 11:06:39 +00:00 · 2021-03-04 15:15:27 -05:00 · 2021-03-04 15:15:27 -05:00 · 6d0f91bea8
commit 6d0f91bea8
parent cc7622d793 4008979f5d
2 changed files with 158 additions and 34 deletions
--- a/2021/24xxx/CVE-2021-24031.json
+++ b/2021/24xxx/CVE-2021-24031.json
@ -1,18 +1,78 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-24031",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta": {
+		"ASSIGNER": "cve-assign@fb.com",
+		"DATE_ASSIGNED": "2021-03-01",
+		"ID": "CVE-2021-24031",
+		"STATE": "PUBLIC"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"vendor_name": "Facebook",
+					"product": {
+						"product_data": [
+							{
+								"product_name": "Zstandard",
+								"version": {
+									"version_data": [
+										{
+											"version_affected": "!>=",
+											"version_value": "1.4.1"
+										},
+										{
+											"version_affected": "<",
+											"version_value": "1.4.1"
+										}
+									]
+								}
+							}
+						]
+					}
+				}
+			]
+		}
+	},
+	"data_format": "MITRE",
+	"data_type": "CVE",
+	"data_version": "4.0",
+	"description": {
+		"description_data": [
+			{
+				"lang": "eng",
+				"value": "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties."
+			}
+		]
+	},
+	"problemtype": {
+		"problemtype_data": [
+			{
+				"description": [
+					{
+						"lang": "eng",
+						"value": "Insecure Inherited Permissions (CWE-277)"
+					}
+				]
+			}
+		]
+	},
+	"references": {
+		"reference_data": [
+			{
+				"refsource": "MISC",
+				"name": "https://github.com/facebook/zstd/issues/1630",
+				"url": "https://github.com/facebook/zstd/issues/1630"
+			},
+			{
+				"refsource": "MISC",
+				"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404",
+				"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404"
+			},
+			{
+				"refsource": "MISC",
+				"name": "https://www.facebook.com/security/advisories/cve-2021-24031",
+				"url": "https://www.facebook.com/security/advisories/cve-2021-24031"
+			}
+		]
+	}
+}
--- a/2021/24xxx/CVE-2021-24032.json
+++ b/2021/24xxx/CVE-2021-24032.json
@ -1,18 +1,82 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-24032",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta": {
+		"ASSIGNER": "cve-assign@fb.com",
+		"DATE_ASSIGNED": "2021-03-01",
+		"ID": "CVE-2021-24032",
+		"STATE": "PUBLIC"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"vendor_name": "Facebook",
+					"product": {
+						"product_data": [
+							{
+								"product_name": "Zstandard",
+								"version": {
+									"version_data": [
+										{
+											"version_affected": "!>=",
+											"version_value": "1.4.9"
+										},
+										{
+											"version_affected": ">=",
+											"version_value": "1.4.1"
+										},
+										{
+											"version_affected": "!<",
+											"version_value": "1.4.1"
+										}
+									]
+								}
+							}
+						]
+					}
+				}
+			]
+		}
+	},
+	"data_format": "MITRE",
+	"data_type": "CVE",
+	"data_version": "4.0",
+	"description": {
+		"description_data": [
+			{
+				"lang": "eng",
+				"value": "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties."
+			}
+		]
+	},
+	"problemtype": {
+		"problemtype_data": [
+			{
+				"description": [
+					{
+						"lang": "eng",
+						"value": "Insecure Inherited Permissions (CWE-277)"
+					}
+				]
+			}
+		]
+	},
+	"references": {
+		"reference_data": [
+			{
+				"refsource": "MISC",
+				"name": "https://github.com/facebook/zstd/issues/2491",
+				"url": "https://github.com/facebook/zstd/issues/2491"
+			},
+			{
+				"refsource": "MISC",
+				"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519",
+				"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519"
+			},
+			{
+				"refsource": "MISC",
+				"name": "https://www.facebook.com/security/advisories/cve-2021-24032",
+				"url": "https://www.facebook.com/security/advisories/cve-2021-24032"
+			}
+		]
+	}
+}