CVE-2005-1228

10 documents9 sources

Severity

5.0MEDIUM

EPSS

4.6%

top 10.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gzip

Timeline

PublishedMay 2

Latest updateMay 3

Description

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiangzip< 1.3.5-10+3

▶NVDgnu/gzip1.2.4, 1.3.3+1

Patches

Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-9855-w374-4v24: Directory traversal vulnerability in gunzip -N in gzip 1↗2022-05-03

▶

OSV

CVE-2005-1228: Directory traversal vulnerability in gunzip -N in gzip 1↗2005-05-02

▶

CVEList

CVE-2005-1228: Directory traversal vulnerability in gunzip -N in gzip 1↗2005-04-22

▶

📋Vendor Advisories

Ubuntu

gzip vulnerabilities↗2005-05-04

▶

Red Hat

security flaw↗2005-04-18

▶

Debian

CVE-2005-1228: gzip - Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allow...↗2005

▶

💬Community

Bugzilla

CVE-2005-1228 security flaw↗2018-08-16

▶