You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
buffer overrun
About this tag
The buffer overrun tag on WindowsForum.com covers a specific vulnerability, CVE-2022-4899, found in the zstd command-line utility. This bug occurs when an empty string is passed to certain command-line options, causing an out-of-bounds buffer access that can crash or disable processes using the zstd CLI. The issue was fixed in upstream releases and distribution packages by rejecting empty-directory arguments. This tag is relevant for users and administrators who rely on zstd for compression and need to understand the security implications of this buffer overrun and the steps to patch it.
A subtle mistake in zstd’s argument-handling code allows a trivial input — an empty string passed to certain command-line options — to produce a buffer overrun that can crash or disable processes that use the zstd CLI. The bug, tracked as CVE-2022-4899, affects the zstd command-line utility...