7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.066 Low
EPSS
Percentile
93.8%
Problem Description
Multiple programming errors have been found in gzip which
can be triggered when gzip is decompressing files. These
errors include insufficient bounds checks in buffer use, a
NULL pointer dereference, and a potential infinite loop.
Impact
The insufficient bounds checks in buffer use can cause gzip
to crash, and may permit the execution of arbitrary code.
The NULL pointer deference can cause gzip to crash. The
infinite loop can cause a Denial-of-Service situation where
gzip uses all available CPU time.
Workaround
No workaround is available.