CVE-2022-1271
Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Se encontró una vulnerabilidad de escritura arbitraria de archivos en la utilidad zgrep de GNU gzip. Cuando zgrep es aplicado sobre el nombre de archivo elegido por el atacante (por ejemplo, un nombre de archivo diseñado), éste puede sobrescribir el contenido de un archivo arbitrario seleccionado por el atacante. Este fallo es producido debido a una comprobación insuficiente cuando son procesados nombres de archivo con dos o más líneas nuevas en los que el contenido seleccionado y los nombres de archivo de destino están insertados en nombres de archivo multilínea diseñados. Este fallo permite a un atacante remoto poco privilegiado forzar a zgrep a escribir archivos arbitrarios en el sistema
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tukaani XZ Utils. Interaction with this script is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the handling of special characters. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system command. An attacker can leverage this vulnerability to execute code on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-07 CVE Reserved
- 2022-04-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-179: Incorrect Behavior Order: Early Validation
- CWE-1173: Improper Use of Validation Framework
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 | X_refsource_misc | |
| https://security-tracker.debian.org/tracker/CVE-2022-1271 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20220930-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html | 2023-11-07 | |
| https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch | 2023-11-07 | |
| https://www.openwall.com/lists/oss-security/2022/04/07/8 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-1271 | 2022-07-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2073310 | 2022-07-01 | |
| https://security.gentoo.org/glsa/202209-01 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | < 1.12 Search vendor "Gnu" for product "Gzip" and version " < 1.12" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Data Grid Search vendor "Redhat" for product "Jboss Data Grid" | 7.0.0 Search vendor "Redhat" for product "Jboss Data Grid" and version "7.0.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||