vulnerability

Debian: CVE-2022-1271: gzip, xz-utils -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	2022-04-12	2022-04-12	2025-01-30

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

2022-04-12

Added

2022-04-12

Modified

2025-01-30

Description

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Solution(s)

debian-upgrade-gzipdebian-upgrade-xz-utils

References

CVE-2022-1271
https://attackerkb.com/topics/CVE-2022-1271
DEBIAN-DLA-2976-1
DEBIAN-DLA-2977-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today