PT-2022-2156 · Gnu+11 · Gnu Gzip+11

Jim Meyering · Published 2022-04-07 · Updated 2026-04-08 · CVE-2022-1271

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GNU gzip versions (affected versions not specified)

Description

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. The flaw is caused by insufficient validation when processing file names that contain two or more newlines, where the selected content and the target file names are embedded in crafted multi-line file names. A remote, low-privileged attacker can force zgrep to write arbitrary files on the system by applying zgrep to a crafted file name. The vulnerability allows an attacker to overwrite arbitrary files on the system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

ALSA-2022:1537
ALSA-2022:4940
ALSA-2022:4991
ALT-PU-2022-1660
ALT-PU-2022-1667
ALT-PU-2023-1595
ALT-PU-2023-1597
ALT-PU-2024-14308
AZL-10819
BDU:2022-02113
CESA-2022_1537
CESA-2022_2191
CESA-2022_4991
CESA-2022_5052
CVE-2022-1271
DLA-2976-1
DLA-2977-1
DSA-5122-1
DSA-5123-1
INFSA-2022_4940
JLSEC-2026-61
MGASA-2022-0149
OESA-2022-1629
OESA-2022-1650
OPENSUSE-SU-2022_1158-1
OPENSUSE-SU-2022_1617-1
OPENSUSE-SU-2024:11987-1
OPENSUSE-SU-2024:11992-1
OPENSUSE-SU-2024:12271-1
RHSA-2022:1537
RHSA-2022:1592
RHSA-2022:1665
RHSA-2022:1676
RHSA-2022:2191
RHSA-2022:4582
RHSA-2022:4896
RHSA-2022:4940
RHSA-2022:4991
RHSA-2022:4992
RHSA-2022:4993
RHSA-2022:4994
RHSA-2022:5052
RHSA-2022:5439
RHSA-2022_1537
RHSA-2022_2191
RHSA-2022_4582
RHSA-2022_4940
RHSA-2022_4991
RHSA-2022_5052
RLSA-2022:1537
RLSA-2022:4582
RLSA-2022:4940
RLSA-2022:4991
SUSE-SU-2022:1158-1
SUSE-SU-2022:1160-1
SUSE-SU-2022:1250-1
SUSE-SU-2022:1272-1
SUSE-SU-2022:1275-1
SUSE-SU-2022:14938-1
SUSE-SU-2022:1617-1
SUSE-SU-2022:1650-1
SUSE-SU-2022:1673-1
SUSE-SU-2022:1674-1
SUSE-SU-2022_1158-1
SUSE-SU-2022_1160-1
SUSE-SU-2022_1250-1
SUSE-SU-2022_1272-1
SUSE-SU-2022_1275-1
SUSE-SU-2022_14938-1
SUSE-SU-2022_1617-1
USN-5378-1
USN-5378-2
USN-5378-3
USN-5378-4
ZDI-22-619

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Gnu Gzip
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Xz Utils