Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-1271

EPSS 0.81% · P74
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-1271

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不正确的行为次序:过早验证
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU Gzip 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNU Gzip是GNU社区的一款压缩/解压缩程序。 GNU Gzip 存在输入验证错误漏洞,该漏洞由于在处理具有两个或多个换行符的文件名时验证不足,因此存在该漏洞。远程攻击者可以强制 zgrep 或 xzgrep 在系统上写入任意文件。该漏洞允许远程攻击者破坏受影响的系统。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-gzip, xz-utils Fixed in gzip 1.12 -

II. Public POCs for CVE-2022-1271

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-1271

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-08-31 · 52 CVEs total

CVE-2022-390467.5 HIGHGNU C Library 日志信息泄露漏洞
CVE-2022-37128D-Link DIR-816 安全漏洞
CVE-2022-37123D-Link DIR-816 操作系统命令注入漏洞
CVE-2022-36619D-Link DIR-816 访问控制错误漏洞
CVE-2022-36203Doctor’s Appointment System 跨站脚本漏洞
CVE-2022-37125D-Link DIR-816 命令注入漏洞
CVE-2022-36201Doctor’s Appointment System SQL注入漏洞
CVE-2022-36202Doctor’s Appointment System 安全漏洞
CVE-2022-37129D-Link DIR-816 操作系统命令注入漏洞
CVE-2022-36568Tenda AC9 缓冲区错误漏洞
CVE-2022-36569Tenda AC9 缓冲区错误漏洞
CVE-2022-38812AeroCMS SQL注入漏洞
CVE-2022-37184Garage Management System 代码问题漏洞
CVE-2022-36566Rengine 操作系统命令注入漏洞
CVE-2022-37183Piwigo 跨站脚本漏洞
CVE-2022-28625Hewlett Packard Enterprise OneView 日志信息泄露漏洞
CVE-2022-37122Carel pCOWeb HVAC BACnet Gateway 路径遍历漏洞
CVE-2022-30318Honeywell ControlEdge PLC 信任管理问题漏洞
CVE-2020-35538libjpeg-turbo 代码问题漏洞
CVE-2022-2466Quarkus 环境问题漏洞

Showing top 20 of 52 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-179

V. Comments for CVE-2022-1271

No comments yet

Leave a comment