An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-2976-1 | gzip security update |
![]() |
DLA-2977-1 | xz-utils security update |
![]() |
DSA-5122-1 | gzip security update |
![]() |
DSA-5123-1 | xz-utils security update |
![]() |
EUVD-2022-24604 | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. |
![]() |
USN-5378-1 | Gzip vulnerability |
![]() |
USN-5378-2 | XZ Utils vulnerability |
![]() |
USN-5378-3 | XZ Utils vulnerability |
![]() |
USN-5378-4 | Gzip vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 09 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 26 Aug 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tukaani
Tukaani xz |
|
CPEs | cpe:2.3:a:tukaani:xz:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tukaani
Tukaani xz |

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-06-09T14:56:35.875Z
Reserved: 2022-04-07T00:00:00.000Z
Link: CVE-2022-1271

Updated: 2024-08-02T23:55:24.665Z

Status : Modified
Published: 2022-08-31T16:15:09.347
Modified: 2025-06-09T15:15:26.690
Link: CVE-2022-1271


No data.