16 results (0.025 seconds)

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. Se encontró una vulnerabilidad de escritura arbitraria de archivos en la utilidad zgrep de GNU gzip. • https://access.redhat.com/security/cve/CVE-2022-1271 https://bugzilla.redhat.com/show_bug.cgi?id=2073310 https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html https://security-tracker.debian.org/tracker/CVE-2022-1271 https://security.gentoo.org/glsa/202209-01 https://security.netapp.com/advisory/ntap-20220930-0006 https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch https://www.openwall.com • CWE-20: Improper Input Validation CWE-179: Incorrect Behavior Order: Early Validation CWE-1173: Improper Use of Validation Framework •

CVSS: 6.8EPSS: 6%CPEs: 16EXPL: 0

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. Desbordamiento de entero en la función unlzw en unlzw.c en gzip anterior a v1.4 sobre las plataformas de 64 bits, permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un archivo manipulado que emplea la compresión LZW, permitiendo a un array indexar el error. • http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://ncompress.sourceforge.net/#status http://savannah.gnu.org/forum/forum.php?forum_id=6153 http://secunia.com/advis • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 15%CPEs: 15EXPL: 0

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. La función huft_build en inflate.c en gzip anterior a v1.3.13 crea una tabla hufts (también conocido como huffman) demasiado pequeña, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación o buble infinito), o posiblemente la ejecución de código de su elección a través de un archivo manipulado. NOTA: esta vulnerabilidad está provocada por una regresión del CVE-2006-4334. • http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263 http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38132 http://secunia.com/advisories/38223 http://secunia.com/advisories/38232 http://support.apple.com/kb&# • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 8%CPEs: 1EXPL: 0

unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. unlzh.c en el componente LHZ en gzip 1.3.5 permite a atacantes dependientes de contexto provocar una denegación de servicio (bucle infinito) vía un archivo GZIP artesanal. • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676 http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/21996 http://secunia.com/advisories/22002 http://secunia.com/advisories/22009 http://secunia.com/advisories/22012 http://secunia.com/advisories/22017 http://secunia.com/advisories/22027 http:&#x •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0

Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. Desbordamiento de búfer en la función make_table en el componente LHZ en gzip 1.3.5 permite a atacantes dependientes de contexto ejecutar código de su elección vía una tabla de decodificación artesanal en un archivo GZIP. • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676 http://docs.info.apple.com/article.html?artnum=304829 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/21996 http://secunia.com/advisories/22002 http://secunia.com/advisories/22009 http://secunia.com/advisories/22012 http://secunia.com/advisories/22017 http://secunia.com/advisories/22027 http:&#x •