Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1228 | 1 Gnu | 1 Gzip | 2024-11-20 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | |||||
CVE-2005-0988 | 7 Freebsd, Gentoo, Gnu and 4 more | 13 Freebsd, Linux, Gzip and 10 more | 2024-11-20 | 3.7 LOW | N/A |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | |||||
CVE-2005-0758 | 2 Canonical, Gnu | 2 Ubuntu Linux, Gzip | 2024-11-20 | 4.6 MEDIUM | N/A |
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | |||||
CVE-2004-1349 | 2 Gnu, Oracle | 2 Gzip, Solaris | 2024-11-20 | 2.1 LOW | N/A |
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | |||||
CVE-2004-0970 | 1 Gnu | 1 Gzip | 2024-11-20 | 2.1 LOW | N/A |
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. | |||||
CVE-2004-0603 | 1 Gnu | 1 Gzip | 2024-11-20 | 10.0 HIGH | N/A |
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. | |||||
CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2024-11-20 | 2.1 LOW | N/A |
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2001-1228 | 1 Gnu | 1 Gzip | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. | |||||
CVE-2022-1271 | 4 Debian, Gnu, Redhat and 1 more | 4 Debian Linux, Gzip, Jboss Data Grid and 1 more | 2024-08-26 | N/A | 8.8 HIGH |
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | |||||
CVE-2009-2624 | 1 Gnu | 1 Gzip | 2024-02-28 | 6.8 MEDIUM | N/A |
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. | |||||
CVE-2010-0001 | 1 Gnu | 1 Gzip | 2024-02-28 | 6.8 MEDIUM | N/A |
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. |