{
  "threat_severity" : "Moderate",
  "public_date" : "2022-09-02T00:00:00Z",
  "bugzilla" : {
    "description" : "zstd: race condition in one-pass compression functions that could allow out of bounds write",
    "id" : "2124187",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2124187"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "details" : [ "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.", "A vulnerability found in zstd. A race condition in the one-pass compression functions of Zstandard allows an attacker to write bytes out of bounds if an output buffer smaller than the recommended size is used." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "mysql:8.0/mysql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "zstd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "zstd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-mysql80-mysql",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-11922\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11922" ],
  "name" : "CVE-2019-11922",
  "csaw" : false
}