8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.6%
RedHat reports:
An arbitrary file write vulnerability was found in GNU
gzip’s zgrep utility. When zgrep is applied on the
attacker’s chosen file name (for example, a crafted
file name), this can overwrite an attacker’s content
to an arbitrary attacker-selected file. This flaw
occurs due to insufficient validation when processing
filenames with two or more newlines where selected
content and the target file names are embedded in
crafted multi-line file names. This flaw allows a
remote, low privileged attacker to force zgrep to
write arbitrary files on the system.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.007 Low
EPSS
Percentile
80.6%