Gzip is vulnerable to remote code execution. Insufficient validation when processing filenames with two or more newlines allows remote attackers to force zgrep or xzgrep to write arbitrary files on the system.
access.redhat.com/security/cve/CVE-2022-1271
bugzilla.redhat.com/show_bug.cgi?id=2073310
git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
security-tracker.debian.org/tracker/CVE-2022-1271
security.gentoo.org/glsa/202209-01
security.netapp.com/advisory/ntap-20220930-0006/
tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
www.openwall.com/lists/oss-security/2022/04/07/8
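
A defensive check for the condition described above, as an added example that is not part of the advisory or of the gzip/xz projects: it lists files whose names contain two or more newline characters so they can be reviewed before a directory tree is handed to zgrep or xzgrep. The function names `find_multiline_names` and `count_multiline_names` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory tree for file names that contain two or
# more newline characters (the filename shape named in the advisory).
# Helper names are hypothetical; only POSIX find, sh, tr and wc are used.

# A literal newline, kept in a variable so it can be used inside patterns.
NL='
'

find_multiline_names() {
    root=${1:-.}
    # -name matches the basename; "*NL*NL*" requires at least two newlines.
    # Each hit is printed on a single line with newlines shown as '?', so
    # the report cannot be broken up by the names it is listing.
    find "$root" -name "*${NL}*${NL}*" -exec sh -c '
        for p in "$@"; do
            printf "%s" "$p" | tr "\n" "?"
            printf "\n"
        done' sh {} +
}

count_multiline_names() {
    # One output line per hit, so the line count is the number of hits.
    find_multiline_names "$1" | wc -l | tr -d ' '
}
```

A non-zero count from `count_multiline_names DIR` means the listed names should be inspected or renamed before the tree is searched with an unpatched zgrep or xzgrep.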