CVE-2022-1271
Description
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to an attacker-chosen file name (for example, a crafted file name), it can write the attacker's content to an arbitrary attacker-selected file. The flaw occurs due to insufficient validation when processing file names with two or more newlines, where the selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low-privileged attacker to force zgrep to write arbitrary files on the system.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.813
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Red Hat JBoss Data Grid 7.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.5 | Windows |
| SUSE-SU-2022:1160-1(SUSE Linux Enterprise Server 12-SP5 ) liblzma5-5.0.5-6.7.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1160-1(SUSE Linux Enterprise Server 12-SP5 ) liblzma5-32bit-5.0.5-6.7.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1160-1(SUSE Linux Enterprise Server 12-SP5 ) liblzma5-debuginfo-5.0.5-6.7.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1160-1(SUSE Linux Enterprise Server 12-SP5 ) liblzma5-debuginfo-32bit-5.0.5-6.7.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1160-1(SUSE Linux Enterprise Server 12-SP5 ) xz-5.0.5-6.7.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1160-1(SUSE Linux Enterprise Server 12-SP5 ) xz-debuginfo-5.0.5-6.7.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1160-1(SUSE Linux Enterprise Server 12-SP5 ) xz-debugsource-5.0.5-6.7.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1160-1(SUSE Linux Enterprise Server 12-SP5 ) xz-lang-5.0.5-6.7.1.noarch.rpm | Linux |
| GNU compression utilities (USN-5378-1) gzip_1.6-5ubuntu1.2_i386.deb | Linux |
| GNU compression utilities (USN-5378-1) gzip_1.6-5ubuntu1.2_amd64.deb | Linux |
| GNU compression utilities (USN-5378-1) gzip_1.10-0ubuntu4.1_i386.deb | Linux |
| GNU compression utilities (USN-5378-1) gzip_1.10-0ubuntu4.1_amd64.deb | Linux |
| GNU compression utilities (USN-5378-1) gzip_1.10-4ubuntu2_i386.deb | Linux |
| GNU compression utilities (USN-5378-1) gzip_1.10-4ubuntu2_amd64.deb | Linux |
| gzip security update(DSA-5122-1) gzip_1.9-3+deb10u1_i386.deb | Linux |
| gzip security update(DSA-5122-1) gzip_1.9-3+deb10u1_amd64.deb | Linux |
| gzip security update(DSA-5122-1) gzip_1.10-4+deb11u1_amd64.deb | Linux |
| (RHSA-2022:1537) gzip security update gzip-1.9-13.el8_5.x86_64.rpm | Linux |
| (RHSA-2022:1537) gzip security update gzip-debugsource-1.9-13.el8_5.x86_64.rpm | Linux |
| Gzip update (ELSA-2022-1537) gzip-1.9-13.el8_5.x86_64.rpm | Linux |
| SUSE-SU-2022:1272-1(SUSE Linux Enterprise Server 12-SP5 ) gzip-1.10-4.11.3.x86_64.rpm | Linux |
| SUSE-SU-2022:1272-1(SUSE Linux Enterprise Server 12-SP5 ) gzip-debuginfo-1.10-4.11.3.x86_64.rpm | Linux |
| SUSE-SU-2022:1272-1(SUSE Linux Enterprise Server 12-SP5 ) gzip-debugsource-1.10-4.11.3.x86_64.rpm | Linux |
| Gzip update (ELSA-2022-2191) gzip-1.5-11.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:2191) gzip security update gzip-1.5-11.el7_9.x86_64.rpm | Linux |
| Xz update (ELSA-2022-4991) xz-5.2.4-4.el8_6.x86_64.rpm | Linux |
| Xz-devel update (ELSA-2022-4991) xz-devel-5.2.4-4.el8_6.i686.rpm | Linux |
| Xz-devel update (ELSA-2022-4991) xz-devel-5.2.4-4.el8_6.x86_64.rpm | Linux |
| Xz-libs update (ELSA-2022-4991) xz-libs-5.2.4-4.el8_6.i686.rpm | Linux |
| Xz-libs update (ELSA-2022-4991) xz-libs-5.2.4-4.el8_6.x86_64.rpm | Linux |
| Xz-lzma-compat update (ELSA-2022-4991) xz-lzma-compat-5.2.4-4.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5052) xz security update xz-5.2.2-2.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:5052) xz security update xz-compat-libs-5.2.2-2.el7_9.i686.rpm | Linux |
| (RHSA-2022:5052) xz security update xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:5052) xz security update xz-devel-5.2.2-2.el7_9.i686.rpm | Linux |
| (RHSA-2022:5052) xz security update xz-devel-5.2.2-2.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:5052) xz security update xz-libs-5.2.2-2.el7_9.i686.rpm | Linux |
| (RHSA-2022:5052) xz security update xz-libs-5.2.2-2.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:5052) xz security update xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm | Linux |
| Xz update (ELSA-2022-5052) xz-5.2.2-2.el7_9.x86_64.rpm | Linux |
| Xz-compat-libs update (ELSA-2022-5052) xz-compat-libs-5.2.2-2.el7_9.i686.rpm | Linux |
| Xz-compat-libs update (ELSA-2022-5052) xz-compat-libs-5.2.2-2.el7_9.x86_64.rpm | Linux |
| Xz-devel update (ELSA-2022-5052) xz-devel-5.2.2-2.el7_9.i686.rpm | Linux |
| Xz-devel update (ELSA-2022-5052) xz-devel-5.2.2-2.el7_9.x86_64.rpm | Linux |
| Xz-libs update (ELSA-2022-5052) xz-libs-5.2.2-2.el7_9.i686.rpm | Linux |
| Xz-libs update (ELSA-2022-5052) xz-libs-5.2.2-2.el7_9.x86_64.rpm | Linux |
| Xz-lzma-compat update (ELSA-2022-5052) xz-lzma-compat-5.2.2-2.el7_9.x86_64.rpm | Linux |
| Gzip update (ELSA-2022-4582) gzip-1.10-9.el9_0.x86_64.rpm | Linux |
| Xz update (ELSA-2022-4940) xz-5.2.5-8.el9_0.x86_64.rpm | Linux |
| Xz-devel update (ELSA-2022-4940) xz-devel-5.2.5-8.el9_0.i686.rpm | Linux |
| Xz-devel update (ELSA-2022-4940) xz-devel-5.2.5-8.el9_0.x86_64.rpm | Linux |
| Xz-libs update (ELSA-2022-4940) xz-libs-5.2.5-8.el9_0.i686.rpm | Linux |
| Xz-libs update (ELSA-2022-4940) xz-libs-5.2.5-8.el9_0.x86_64.rpm | Linux |
| Xz-lzma-compat update (ELSA-2022-4940) xz-lzma-compat-5.2.5-8.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:4582) gzip security update gzip-1.10-9.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:4582) gzip security update gzip-debugsource-1.10-9.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:4940) xz security update xz-5.2.5-8.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:4940) xz security update xz-debugsource-5.2.5-8.el9_0.i686.rpm | Linux |
| (RHSA-2022:4940) xz security update xz-debugsource-5.2.5-8.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:4940) xz security update xz-devel-5.2.5-8.el9_0.i686.rpm | Linux |
| (RHSA-2022:4940) xz security update xz-devel-5.2.5-8.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:4940) xz security update xz-libs-5.2.5-8.el9_0.i686.rpm | Linux |
| (RHSA-2022:4940) xz security update xz-libs-5.2.5-8.el9_0.x86_64.rpm | Linux |
| (RHSA-2022:4940) xz security update xz-lzma-compat-5.2.5-8.el9_0.x86_64.rpm | Linux |
| gzip security update (RLSA-2022:1537) gzip-1.9-13.el8_5.x86_64.rpm | Linux |
| xz security update (RLSA-2022:4940) xz-5.2.5-8.el9_0.x86_64.rpm | Linux |
| xz security update (RLSA-2022:4940) xz-libs-5.2.5-8.el9_0.i686.rpm | Linux |
| xz security update (RLSA-2022:4940) xz-libs-5.2.5-8.el9_0.x86_64.rpm | Linux |
| xz security update (RLSA-2022:4940) xz-devel-5.2.5-8.el9_0.i686.rpm | Linux |
| xz security update (RLSA-2022:4940) xz-devel-5.2.5-8.el9_0.x86_64.rpm | Linux |
| xz security update (RLSA-2022:4940) xz-lzma-compat-5.2.5-8.el9_0.x86_64.rpm | Linux |
| xz security update (RLSA-2022:4991) xz-5.2.4-4.el8_6.x86_64.rpm | Linux |
| xz security update (RLSA-2022:4991) xz-libs-5.2.4-4.el8_6.i686.rpm | Linux |
| xz security update (RLSA-2022:4991) xz-libs-5.2.4-4.el8_6.x86_64.rpm | Linux |
| xz security update (RLSA-2022:4991) xz-devel-5.2.4-4.el8_6.i686.rpm | Linux |
| xz security update (RLSA-2022:4991) xz-devel-5.2.4-4.el8_6.x86_64.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-azure-4.12.14-16.136.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-azure-base-4.12.14-16.136.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-azure-base-debuginfo-4.12.14-16.136.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-azure-debuginfo-4.12.14-16.136.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-azure-debugsource-4.12.14-16.136.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-azure-devel-4.12.14-16.136.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-devel-azure-4.12.14-16.136.1.noarch.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-source-azure-4.12.14-16.136.1.noarch.rpm | Linux |
| SUSE-SU-2023:2507-1(SUSE Linux Enterprise Server 12 SP5 ) kernel-syms-azure-4.12.14-16.136.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| (RHSA-2022:1537)Important: security update gzip-debuginfo-1.9-13.el8_5.x86_64.rpm | Linux |
| (RHSA-2022:2191)Important: security update gzip-debuginfo-1.5-11.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-5.2.4-4.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-debuginfo-5.2.4-4.el8_6.i686.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-debuginfo-5.2.4-4.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-debugsource-5.2.4-4.el8_6.i686.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-debugsource-5.2.4-4.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-devel-5.2.4-4.el8_6.i686.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-devel-5.2.4-4.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-libs-5.2.4-4.el8_6.i686.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-libs-5.2.4-4.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-libs-debuginfo-5.2.4-4.el8_6.i686.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-libs-debuginfo-5.2.4-4.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-lzma-compat-debuginfo-5.2.4-4.el8_6.i686.rpm | Linux |
| (RHSA-2022:4991)Important: security update xz-lzma-compat-debuginfo-5.2.4-4.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5052)Important: security update xz-debuginfo-5.2.2-2.el7_9.i686.rpm | Linux |
| (RHSA-2022:5052)Important: security update xz-debuginfo-5.2.2-2.el7_9.x86_64.rpm | Linux |
| gzip security update(DSA-5122-1) gzip_1.10-4+deb11u1_i386.deb | Linux |
| xz-utils security update(DSA-5123-1) xz-utils_5.2.5-2.1~deb11u1_i386.deb | Linux |
| gzip, xz Security Update (ALAS-2022-1782) xz-5.2.2-1.amzn2.0.3.x86_64.rpm | Linux |
| gzip, xz Security Update (ALAS-2022-1782) gzip-1.5-10.amzn2.0.1.x86_64.rpm | Linux |
| gzip, xz Security Update (ALAS-2022-1782) xz-libs-5.2.2-1.amzn2.0.3.i686.rpm | Linux |
| gzip, xz Security Update (ALAS-2022-1782) xz-libs-5.2.2-1.amzn2.0.3.x86_64.rpm | Linux |
| gzip, xz Security Update (ALAS-2022-1782) xz-devel-5.2.2-1.amzn2.0.3.x86_64.rpm | Linux |
| gzip, xz Security Update (ALAS-2022-1782) xz-compat-libs-5.2.2-1.amzn2.0.3.i686.rpm | Linux |
| gzip, xz Security Update (ALAS-2022-1782) xz-compat-libs-5.2.2-1.amzn2.0.3.x86_64.rpm | Linux |
| gzip, xz Security Update (ALAS-2022-1782) xz-lzma-compat-5.2.2-1.amzn2.0.3.x86_64.rpm | Linux |
| xz Security Update (ALAS-2023-042) xz-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS-2023-042) xz-libs-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS-2023-042) xz-devel-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS-2023-042) xz-static-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS-2023-042) xz-lzma-compat-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| gzip Security Update (ALAS-2023-043) gzip-1.10-5.amzn2023.0.2.x86_64.rpm | Linux |
| Important: gzip security update gzip-1.9-13.el8_5.x86_64.rpm | Linux |
| Important: xz security update xz-5.2.5-8.el9_0.x86_64.rpm | Linux |
| Important: xz security update xz-devel-5.2.5-8.el9_0.i686.rpm | Linux |
| Important: xz security update xz-devel-5.2.5-8.el9_0.x86_64.rpm | Linux |
| Important: xz security update xz-libs-5.2.5-8.el9_0.i686.rpm | Linux |
| Important: xz security update xz-libs-5.2.5-8.el9_0.x86_64.rpm | Linux |
| Important: xz security update xz-lzma-compat-5.2.5-8.el9_0.x86_64.rpm | Linux |
| Important: xz security update xz-5.2.4-4.el8_6.x86_64.rpm | Linux |
| Important: xz security update xz-devel-5.2.4-4.el8_6.i686.rpm | Linux |
| Important: xz security update xz-devel-5.2.4-4.el8_6.x86_64.rpm | Linux |
| Important: xz security update xz-libs-5.2.4-4.el8_6.i686.rpm | Linux |
| Important: xz security update xz-libs-5.2.4-4.el8_6.x86_64.rpm | Linux |
| gzip Security Update (ALAS2023-2023-043) gzip-1.10-5.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS2023-2023-042) xz-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS2023-2023-042) xz-devel-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS2023-2023-042) xz-libs-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS2023-2023-042) xz-lzma-compat-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| xz Security Update (ALAS2023-2023-042) xz-static-5.2.5-9.amzn2023.0.2.x86_64.rpm | Linux |
| Improper Input Validation Vulnerability (CVE-2022-1271) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234