CVE-2004-0603

5 documents5 sources

Severity

10.0CRITICAL

EPSS

2.5%

top 14.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gzip

Timeline

PublishedDec 6

Latest updateApr 29

Description

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDgnu/gzip1.3.3

Patches

Patch: security.gentoo.org ↗Patch: www.securityfocus.com ↗Patch: security.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-px52-rq5c-w9gw: gzexe in gzip 1↗2022-04-29

▶

CVEList

CVE-2004-0603: gzexe in gzip 1↗2004-06-30

▶

📋Vendor Advisories

Debian

CVE-2004-0603: gzip - gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a ...↗2004

▶

Red Hat

CVE-2004-0603: gzexe in gzip 1↗

▶