{"id":"CVE-2021-24032","details":"Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.","modified":"2026-04-16T04:40:15.346842062Z","published":"2021-03-04T21:15:12.963Z","related":["SUSE-SU-2021:0948-1","openSUSE-SU-2021:0481-1"],"references":[{"type":"ADVISORY","url":"https://www.facebook.com/security/advisories/cve-2021-24032"},{"type":"FIX","url":"https://github.com/facebook/zstd/issues/2491"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/zstd","events":[{"introduced":"52181f877a96ca3feb688820ba852a0c044cc620"},{"fixed":"e4558ffd1dc49399faf4ee5d85abed4386b4dcf5"}],"database_specific":{"versions":[{"introduced":"1.4.1"},{"fixed":"1.4.9"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24032.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}