PYSEC-2023-121

zstd vulnerable to buffer overrun

Details

A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause a buffer overrun.

Affected packages

PyPI / zstd
Introduced in: 0
Fixed in: 1.5.4
Fix: pip install --upgrade 'zstd>=1.5.4'

References