An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
History

Mon, 26 Aug 2024 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Tukaani
Tukaani xz
CPEs cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:*
Vendors & Products Tukaani
Tukaani xz

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-31T15:33:00

Updated: 2024-08-02T23:55:24.665Z

Reserved: 2022-04-07T00:00:00

Link: CVE-2022-1271

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-31T16:15:09.347

Modified: 2024-11-21T06:40:23.040

Link: CVE-2022-1271

cve-icon Redhat

Severity : Important

Publid Date: 2022-04-07T00:00:00Z

Links: CVE-2022-1271 - Bugzilla