vulnerability

Alpine Linux: CVE-2022-1271: Improper Input Validation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	08/31/2022	03/26/2024	10/02/2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

08/31/2022

Added

03/26/2024

Modified

10/02/2024

Description

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Solution(s)

alpine-linux-upgrade-gzipalpine-linux-upgrade-xz

References

CVE-2022-1271
https://attackerkb.com/topics/CVE-2022-1271
URL-https://security.alpinelinux.org/vuln/CVE-2022-1271

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today