CVE-ID: CVE-2022-1271
BDU-ID: 2022-02113
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files to the system using the zgrep and xzgrep command line utilities
CVE-STATUS: Fixed
CVE-REV: Run the yum update gzip command to close it

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchgzip< 1.9UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ROSA	any	noarch	gzip	< 1.9	UNKNOWN

nessus 74

openvas 46

fedora 5

osv 15

ubuntu 3

freebsd 1

amazon 3

redhat 10

oraclelinux 5

ubuntucve 1

almalinux 3

slackware 2

veracode 1

rocky 4

ibm 2

prion 1

altlinux 2

cbl_mariner 1

f5 1

redhatcve 1

gentoo 1

nvd 1

cloudlinux 1

debian 4

archlinux 1

zdi 1

alpinelinux 1

cvelist 1

debiancve 1

cloudfoundry 2

redos 1

suse 2

centos 1

nessus

Oracle Linux 7 : gzip (ELSA-2022-2191)

2022-05-11 00:00:00

AlmaLinux 9 : xz (ALSA-2022:4940)

2022-11-16 00:00:00

SUSE SLED15 / SLES15 Security Update : gzip (SUSE-SU-2022:1617-1)

2022-05-11 00:00:00

openvas

CentOS: Security Advisory for gzip (CESA-2022:2191)

2022-05-14 00:00:00

Ubuntu: Security Advisory (USN-5378-1)

2022-04-14 00:00:00

Huawei EulerOS: Security Advisory for gzip (EulerOS-SA-2023-1258)

2023-01-31 00:00:00

fedora

[SECURITY] Fedora 36 Update: xz-5.2.5-9.fc36

2022-05-02 19:43:52

[SECURITY] Fedora 34 Update: gzip-1.10-5.fc34

2022-04-30 18:40:27

[SECURITY] Fedora 36 Update: gzip-1.11-3.fc36

2022-04-28 22:25:50

osv

Important: xz security update

2022-06-13 07:15:31

Important: gzip security update

2022-04-26 09:54:04

Important: gzip security update

2022-05-17 22:32:54

ubuntu

Gzip vulnerability

2022-04-13 00:00:00

Gzip vulnerability

2022-04-13 00:00:00

XZ Utils vulnerability

2022-04-13 00:00:00

freebsd

zgrep -- arbitrary file write

2022-04-07 00:00:00

amazon

Important: gzip, xz

2022-04-25 22:56:00

Important: gzip

2022-05-31 23:47:00

Important: xz

2022-05-31 23:47:00

redhat

(RHSA-2022:4940) Important: xz security update

2022-06-08 08:20:11

(RHSA-2022:4582) Important: gzip security update

2022-05-17 22:32:54

(RHSA-2022:1676) Important: gzip security update

2022-05-03 06:36:38

oraclelinux

xz security update

2022-06-13 00:00:00

gzip security update

2022-04-26 00:00:00

gzip security update

2022-06-30 00:00:00

ubuntucve

CVE-2022-1271

2022-04-07 00:00:00

almalinux

Important: xz security update

2022-06-08 00:00:00

Important: xz security update

2022-06-13 00:00:00

Important: gzip security update

2022-04-26 09:54:04

slackware

[slackware-security] gzip

2022-04-14 21:21:03

[slackware-security] xz

2022-04-14 21:21:34

veracode

Remote Code Execution

2022-04-10 10:33:43

rocky

xz security update

2022-06-13 07:15:31

gzip security update

2022-05-17 22:32:54

gzip security update

2022-04-26 09:54:04

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU Gzip (CVE-2022-1271)

2023-01-12 21:59:00

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip (CVE-2022-1271)

2023-02-01 15:46:50

prion

Input validation

2022-08-31 16:15:00

altlinux

Security fix for the ALT Linux 9 package gzip version 1.10-alt1.p9.1

2023-04-10 00:00:00

Security fix for the ALT Linux 10 package gzip version 1.12-alt1

2022-04-11 00:00:00

cbl_mariner

CVE-2022-1271 affecting package gzip 1.9-5

2022-09-17 05:56:35

K000130546 : Gzip vulnerability CVE-2022-1271

2023-01-25 00:00:00

redhatcve

CVE-2022-1271

2022-04-08 08:27:59

gentoo

GNU Gzip, XZ Utils: Arbitrary file write

2022-09-07 00:00:00

nvd

CVE-2022-1271

2022-08-31 16:15:09

cloudlinux

Fixed CVE-2022-1271 in gzip

2022-05-20 00:06:18

debian

[SECURITY] [DLA 2977-1] xz-utils security update

2022-04-10 13:07:58

[SECURITY] [DSA 5123-1] xz-utils security update

2022-04-18 19:36:12

[SECURITY] [DSA 5122-1] gzip security update

2022-04-18 19:31:16

archlinux

[ASA-202204-8] xz: arbitrary command execution

2022-04-07 00:00:00

zdi

Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability

2022-04-12 00:00:00

alpinelinux

CVE-2022-1271

2022-08-31 16:15:09

cvelist

CVE-2022-1271

2022-08-31 15:33:00

debiancve

CVE-2022-1271

2022-08-31 16:15:09

cloudfoundry

USN-5378-1: Gzip vulnerability | Cloud Foundry

2022-05-23 00:00:00

USN-5378-2: XZ Utils vulnerability | Cloud Foundry

2022-05-23 00:00:00

redos

ROS-20220516-02

2022-05-16 00:00:00

suse

Security update for xz (important)

2022-04-12 00:00:00

Security update for gzip (important)

2022-05-10 00:00:00

centos

xz security update

2022-08-02 19:22:54

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.012

Percentile

85.7%

JSON

Related for ROSA-SA-2023-2301