A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.

Related CVEs

CVE-2019-11922

Key Information

GHSA ID

GHSA-w77f-wv46-4vcx

Published

May 24, 2022 4:51 PM

Last Modified

April 4, 2024 1:22 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 4, 2025 6:22 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.