CVE-2022-4899

CVE-2022-4899

Vendor N/A

Product zstd

Weakness CWE-400

Published March 31, 2023

Last update February 18, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Key dates

02Disclosure timeline

March 31, 2023 CVE published

February 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4899 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

04Related CVE

CVE-2023-32611 G_variant_byteswap() can take a long time with some non-normal inputs CVE-2021-21294 Unbounded connection acceptance in http4s-blaze-server CVE-2021-1564 Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery and Link Layer Discovery Protocol Memory Leak Vulnerabilities CVE-2023-42670 Samba: ad dc busy rpc multiple listener dos CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)