CVE-2022-1271
published 2022-08-31CVE-2022-1271: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted…
PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
4.06%
89.4th percentile
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | gzip | < gzip 1.12-1 (bookworm) | gzip 1.12-1 (bookworm) |
| debian | xz-utils | < gzip 1.12-1 (bookworm) | gzip 1.12-1 (bookworm) |
| gnu | gzip | < 1.12 | 1.12 |
| gzip | gzip | >= 0 < 1.10-4+deb11u1 | 1.10-4+deb11u1 |
| gzip | gzip | >= 0 < 1.12-1 | 1.12-1 |
| gzip | gzip | >= 0 < 1.12-1 | 1.12-1 |
| gzip | gzip | >= 0 < 1.12-1 | 1.12-1 |
| msrc | cbl2_gzip_1.12-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_gzip_1.12-1_on_cbl_mariner_1.0 | — | — |
| openzeppelin | contracts | >= 4.1.0 < 4.7.1 | 4.7.1 |
| openzeppelin | contracts-upgradeable | >= 4.1.0 < 4.7.1 | 4.7.1 |
| paloalto | pan-os | — | — |
| redhat | jboss_data_grid | — | — |
| tukaani | xz | < 5.2.5 | 5.2.5 |
Detection & IOCsextracted from sources · hover to see the quote
- →Attack vector: zgrep/xzgrep processing of specially crafted filenames containing two or more newlines, where selected content and target file names are embedded in crafted multi-line file names, triggers arbitrary file write. ↗
- →Vulnerability was introduced in gzip version 1.3.10; systems running gzip >= 1.3.10 and unpatched are in scope for this CVE. ↗
- →Monitor for zgrep or xzgrep invocations where the filename argument contains newline characters (\n), which is the core exploitation primitive for this vulnerability. ↗
- →Audit automated systems or pipelines that invoke zgrep/xzgrep on externally-supplied or user-controlled filenames, as these are the primary exploitation path for a remote, low-privileged attacker. ↗
- ·Debian fixed versions are available: bookworm/forky/sid/trixie fixed in gzip 1.12-1; bullseye fixed in 1.10-4+deb11u1. Unpatched Debian systems on these branches remain vulnerable. ↗
- ·Red Hat Enterprise Linux 6 is affected but out of support scope; gzip was not included in the RHEL 6 ELS Inclusion List, so no official patch will be provided for that platform. ↗
- ·Both gzip (zgrep) and xz-utils (xzgrep) are affected; detection and patching efforts must cover both packages. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_msrc8.8HIGH
vendor_redhat8.8HIGH
vendor_oracle7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: vduse: Fix NULL pointer dereference on sysfs access
vendor_redhat·2025-02-26·CVSS 5.5
CVE-2022-49329 [MEDIUM] CWE-476 kernel: vduse: Fix NULL pointer dereference on sysfs access
kernel: vduse: Fix NULL pointer dereference on sysfs access
In the Linux kernel, the following vulnerability has been resolved:
vduse: Fix NULL pointer dereference on sysfs access
The control device has no drvdata. So we will get a
NULL pointer dereference when accessing control
device's msg_timeout attribute via sysfs:
[ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8
[ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271)
[ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094)
[ 132.870215][ T3644] sysfs_kf_seq_show (fs/sysfs/file.c:59)
[ 132.871164][ T3644] ? device_remove_bin_file (drivers/base/core.c:2088)
[ 132.872082][ T3644] kernfs_seq_show (fs/kernfs/file.c:164)
[ 132.872838][ T3644] seq_read_iter (fs/s
Palo Alto
PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS
vendor_paloalto·2024-04-10·CVSS 9.8
CVE-2015-5739 [CRITICAL] PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS
PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS. While it was not determined that these CVEs have any significant impact on PAN-OS, they have been fixed out of an abundance of caution. CVE Summary CVE-2015-5739 This CVE is fixed in PAN-OS 11.0.4, and all later PAN-OS versions. CVE-2016-10228 This CVE is fixed in PAN-OS 11.1.3, and all later PAN-OS versions. CVE-2017-8923 This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions. CVE-2017-9120 This CVE is fixed in PAN-OS 10.2.8, 11.0.3, and all later PAN-OS versions. CVE-2018-25009 This CVE is fixed in PAN-OS 10.2.8, 11.0.4, 11.1.3, and all later PAN-OS versions. CVE-2
Microsoft
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example a crafted file name) this can overwrite an attacker's
vendor_msrc·2022-08-09·CVSS 8.8
CVE-2022-1271 [HIGH] CWE-20 An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example a crafted file name) this can overwrite an attacker's
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example a crafted file name) this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote low privileged attacker to force zgrep to write arbitrary files on the system.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment t
Oracle
Oracle Oracle Communications Risk Matrix: CNC Console (GNU Gzip) — CVE-2022-1271
vendor_oracle·2022-07-15·CVSS 7.1
CVE-2022-1271 [HIGH] Oracle Oracle Communications Risk Matrix: CNC Console (GNU Gzip) — CVE-2022-1271
Oracle Oracle Communications Risk Matrix: CNC Console (GNU Gzip) vulnerability
CVE: CVE-2022-1271
CVSS: 7.1
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpujul2022 (JUL 2022)
Ubuntu
XZ Utils vulnerability
vendor_ubuntu·2022-04-13
CVE-2022-1271 XZ Utils vulnerability
Title: XZ Utils vulnerability
Summary: XZ Utils could be made to overwrite arbitrary files.
Cleemy Desu Wayo discovered that XZ Utils incorrectly handled certain
filenames. If a user or automated system were tricked into performing
xzgrep operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Gzip vulnerability
vendor_ubuntu·2022-04-13
CVE-2022-1271 Gzip vulnerability
Title: Gzip vulnerability
Summary: Gzip could be made to overwrite arbitrary files.
Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
XZ Utils vulnerability
vendor_ubuntu·2022-04-13
CVE-2022-1271 XZ Utils vulnerability
Title: XZ Utils vulnerability
Summary: XZ Utils could be made to overwrite arbitrary files.
USN-5378-2 fixed a vulnerability in XZ Utils. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Gzip vulnerability
vendor_ubuntu·2022-04-13
CVE-2022-1271 Gzip vulnerability
Title: Gzip vulnerability
Summary: Gzip could be made to overwrite arbitrary files.
USN-5378-1 fixed a vulnerability in Gzip. This update provides
the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Cleemy Desu Wayo discovered that Gzip incorrectly handled certain
filenames. If a user or automated system were tricked into performing zgrep
operations with specially crafted filenames, a remote attacker could
overwrite arbitrary files.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
gzip: arbitrary-file-write vulnerability
vendor_redhat·2022-04-07·CVSS 8.8
CVE-2022-1271 [HIGH] CWE-73 gzip: arbitrary-file-write vulnerability
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's c
Debian
CVE-2022-1271: gzip - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Whe...
vendor_debian·2022·CVSS 8.8
CVE-2022-1271 [HIGH] CVE-2022-1271: gzip - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Whe...
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Scope: local
bookworm: resolved (fixed in 1.12-1)
bullseye: resolved (fixed in 1.10-4+deb11u1)
forky: resolved (fixed in 1.12-1)
sid: resolved (fixed in 1.12-1)
trixie: resolved (fixed in 1.12-1)
GHSA
GHSA-jrpw-543v-8r62: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility
ghsa_unreviewed·2022-09-01
CVE-2022-1271 [HIGH] CWE-179 GHSA-jrpw-543v-8r62: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
OSV
CVE-2022-1271: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility
osv·2022-08-31·CVSS 8.8
CVE-2022-1271 [HIGH] CVE-2022-1271: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
GHSA
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
ghsa·2022-07-21
CVE-2022-31172 [HIGH] CWE-20 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
### Impact
`SignatureChecker.isValidSignatureNow` is not expected to revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected.
The contracts that may be affected are those that use `SignatureChecker` to check the validity of a signature and handle invalid signatures in a way other than reverting. We believe this to be unlikely.
### Patches
The issue was patched in 4.7.1.
### References
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552
### For more information
If you have any questions or comments about this advisory, or need assistance deploying the fix, email us at [securi
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2022-49329 kernel: vduse: Fix NULL pointer dereference on sysfs access
bugzilla·2025-02-26·CVSS 5.5
CVE-2022-49329 [MEDIUM] CVE-2022-49329 kernel: vduse: Fix NULL pointer dereference on sysfs access
CVE-2022-49329 kernel: vduse: Fix NULL pointer dereference on sysfs access
In the Linux kernel, the following vulnerability has been resolved:
vduse: Fix NULL pointer dereference on sysfs access
The control device has no drvdata. So we will get a
NULL pointer dereference when accessing control
device's msg_timeout attribute via sysfs:
[ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8
[ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271)
[ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094)
[ 132.870215][ T3644] sysfs_kf_seq_show (fs/sysfs/file.c:59)
[ 132.871164][ T3644] ? device_remove_bin_file (drivers/base/core.c:2088)
[ 132.872082][ T3644] kernfs_seq_show (fs/kernfs/file.c:164)
[ 132.872838][ T3644] s
Bugzilla
CVE-2022-1271 gzip: arbitrary-file-write vulnerability
bugzilla·2022-04-08·CVSS 8.8
CVE-2022-1271 [HIGH] CVE-2022-1271 gzip: arbitrary-file-write vulnerability
CVE-2022-1271 gzip: arbitrary-file-write vulnerability
The following vulnerability was published for xz-utils and gzip
The bug would result in arbitrary-file-write vulnerability
CVE-2022-1271[0]:
| zgrep, xzgrep: arbitrary-file-write vulnerability
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
[1] https://www.openwall.com/lists/oss-security/2022/04/07/8
[2] https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
[3] https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
Discussion:
Created gzip tracking bugs for this issue:
Affects: fedora-all [bug 2073312]
---
Is there a fedora tracker for xz?
I filed a PR to apply the upstream patch:
https://s
https://access.redhat.com/security/cve/CVE-2022-1271https://bugzilla.redhat.com/show_bug.cgi?id=2073310https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.htmlhttps://security-tracker.debian.org/tracker/CVE-2022-1271https://security.gentoo.org/glsa/202209-01https://security.netapp.com/advisory/ntap-20220930-0006/https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patchhttps://www.openwall.com/lists/oss-security/2022/04/07/8https://access.redhat.com/security/cve/CVE-2022-1271https://bugzilla.redhat.com/show_bug.cgi?id=2073310https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.htmlhttps://security-tracker.debian.org/tracker/CVE-2022-1271https://security.gentoo.org/glsa/202209-01https://security.netapp.com/advisory/ntap-20220930-0006/https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patchhttps://www.openwall.com/lists/oss-security/2022/04/07/8
2022-08-31
Published