GNU Gzip 1.3.7

CPE Details

GNU Gzip 1.3.7
gnu
gzip
1.3.7
2019-05-23
12h30 +00:00
2023-06-06
17h01 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:gzip:1.3.7:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

gzip

Version

1.3.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-1271 2022-08-31 13h33 +00:00 An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
8.8
High
CVE-2009-2624 2010-01-29 17h00 +00:00 The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.
6.8
CVE-2010-0001 2010-01-29 17h00 +00:00 Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
6.8