An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Metrics
Affected Vendors & Products
References
History
Mon, 26 Aug 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tukaani
Tukaani xz |
|
CPEs | cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tukaani
Tukaani xz |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2022-08-31T15:33:00
Updated: 2024-08-02T23:55:24.665Z
Reserved: 2022-04-07T00:00:00
Link: CVE-2022-1271
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-31T16:15:09.347
Modified: 2024-11-21T06:40:23.040
Link: CVE-2022-1271
Redhat