Skip to main content
Version: latest

CVE-2022-4899

CVE Details

CVE-2022-4899

Last Update

11/7/2024

NIST CVE Summary

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Our Official Summary

This vulnerability is reported on several 3rd party images used by the product. We are waiting on an upstream fix from the vendor.

CVE Severity

7.5

Status

Ongoing

Affected Products & Versions

  • Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3, 4.5.8
  • Palette Enterprise airgap 4.4.18, 4.5.3, 4.5.8
  • Palette VerteX 4.5.3, 4.5.8
  • Palette Enterprise 4.5.3, 4.5.8

Revision History

  • 1.0 08/16/2024 Initial Publication
  • 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
  • 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
  • 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
  • 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
  • 6.0 11/7/2024 Added Palette VerteX airgap, Palette Enterprise airgap, Palette Enterprise, and Palette VerteX 4.5.8 to Affected Products