Gzip is vulnerable to remote code execution. Insufficient validations when processing filenames with two or more newlines allow remote attackers to force zgrep or xzgrep to write arbitrary files on the system.

References

access.redhat.com/security/cve/CVE-2022-1271

bugzilla.redhat.com/show_bug.cgi?id=2073310

git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6

lists.gnu.org/r/bug-gzip/2022-04/msg00011.html

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.12/main.yaml

secdb.alpinelinux.org/v3.13/main.yaml

secdb.alpinelinux.org/v3.14/main.yaml

secdb.alpinelinux.org/v3.15/main.yaml

security-tracker.debian.org/tracker/CVE-2022-1271

security.gentoo.org/glsa/202209-01

security.netapp.com/advisory/ntap-20220930-0006/

tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch

www.openwall.com/lists/oss-security/2022/04/07/8

fedora 5

freebsd 1

openvas 43

nessus 74

ubuntu 3

amazon 3

redhat 9

osv 18

oraclelinux 6

slackware 2

almalinux 2

ubuntucve 1

rocky 3

ibm 2

prion 1

altlinux 2

cbl_mariner 2

rosalinux 1

f5 1

redhatcve 1

gentoo 1

nvd 1

cloudlinux 1

debian 4

archlinux 2

zdi 1

alpinelinux 1

debiancve 1

cloudfoundry 1

cvelist 1

suse 1

mageia 1

cve 1

centos 1

redos 1

fedora

[SECURITY] Fedora 36 Update: xz-5.2.5-9.fc36

2022-05-02 19:43:52

[SECURITY] Fedora 34 Update: gzip-1.10-5.fc34

2022-04-30 18:40:27

[SECURITY] Fedora 36 Update: gzip-1.11-3.fc36

2022-04-28 22:25:50

freebsd

zgrep -- arbitrary file write

2022-04-07 00:00:00

openvas

Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-2149)

2022-07-29 00:00:00

CentOS: Security Advisory for gzip (CESA-2022:2191)

2022-05-14 00:00:00

Ubuntu: Security Advisory (USN-5378-1)

2022-04-14 00:00:00

nessus

Oracle Linux 7 : gzip (ELSA-2022-2191)

2022-05-11 00:00:00

AlmaLinux 9 : xz (ALSA-2022:4940)

2022-11-16 00:00:00

SUSE SLED15 / SLES15 Security Update : gzip (SUSE-SU-2022:1617-1)

2022-05-11 00:00:00

ubuntu

Gzip vulnerability

2022-04-13 00:00:00

Gzip vulnerability

2022-04-13 00:00:00

XZ Utils vulnerability

2022-04-13 00:00:00

amazon

Important: gzip, xz

2022-04-25 22:56:00

Important: gzip

2022-05-31 23:47:00

Important: xz

2022-05-31 23:47:00

redhat

(RHSA-2022:4940) Important: xz security update

2022-06-08 08:20:11

(RHSA-2022:4582) Important: gzip security update

2022-05-17 22:32:54

(RHSA-2022:1676) Important: gzip security update

2022-05-03 06:36:38

osv

Important: gzip security update

2022-04-26 09:54:04

Important: xz security update

2022-06-13 07:15:31

gzip - security update

2022-04-10 00:00:00

oraclelinux

xz security update

2022-06-13 00:00:00

gzip security update

2022-04-26 00:00:00

gzip security update

2022-06-30 00:00:00

slackware

[slackware-security] gzip

2022-04-14 21:21:03

[slackware-security] xz

2022-04-14 21:21:34

almalinux

Important: xz security update

2022-06-08 00:00:00

Important: xz security update

2022-06-13 00:00:00

ubuntucve

CVE-2022-1271

2022-04-07 00:00:00

rocky

gzip security update

2022-05-17 22:32:54

xz security update

2022-06-13 07:15:31

gzip security update

2022-04-26 09:54:04

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU Gzip (CVE-2022-1271)

2023-01-12 21:59:00

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in GNU gzip (CVE-2022-1271)

2023-02-01 15:46:50

prion

Input validation

2022-08-31 16:15:00

altlinux

Security fix for the ALT Linux 9 package gzip version 1.10-alt1.p9.1

2023-04-10 00:00:00

Security fix for the ALT Linux 10 package gzip version 1.12-alt1

2022-04-11 00:00:00

cbl_mariner

CVE-2022-1271 affecting package gzip 1.9-5

2022-09-17 05:56:35

CVE-2022-1271 affecting package gzip for versions less than 1.12-1

2022-10-05 23:33:39

rosalinux

Advisory ROSA-SA-2023-2301

2023-12-05 10:33:39

K000130546 : Gzip vulnerability CVE-2022-1271

2023-01-25 00:00:00

redhatcve

CVE-2022-1271

2022-04-08 08:27:59

gentoo

GNU Gzip, XZ Utils: Arbitrary file write

2022-09-07 00:00:00

nvd

CVE-2022-1271

2022-08-31 16:15:09

cloudlinux

Fixed CVE-2022-1271 in gzip

2022-05-20 00:06:18

debian

[SECURITY] [DLA 2977-1] xz-utils security update

2022-04-10 13:07:58

[SECURITY] [DSA 5123-1] xz-utils security update

2022-04-18 19:36:12

[SECURITY] [DSA 5122-1] gzip security update

2022-04-18 19:31:16

archlinux

[ASA-202204-8] xz: arbitrary command execution

2022-04-07 00:00:00

[ASA-202204-7] gzip: arbitrary command execution

2022-04-07 00:00:00

zdi

Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability

2022-04-12 00:00:00

alpinelinux

CVE-2022-1271

2022-08-31 16:15:09

debiancve

CVE-2022-1271

2022-08-31 16:15:09

cloudfoundry

USN-5378-1: Gzip vulnerability | Cloud Foundry

2022-05-23 00:00:00

cvelist

CVE-2022-1271

2022-08-31 15:33:00

suse

Security update for gzip (important)

2022-05-10 00:00:00

mageia

Updated gzip/xz packages fix security vulnerability

2022-04-23 20:22:42

cve

CVE-2022-1271

2022-08-31 16:15:09

centos

gzip security update

2022-05-13 17:33:20

redos

ROS-20220516-02

2022-05-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.012

Percentile

85.7%

JSON

Related for VERACODE:35039