Vulnerability Details : CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2022-1271
Probability of exploitation activity in the next 30 days: 0.72%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-1271
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2022-1271
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.Assigned by: secalert@redhat.com (Secondary)
-
The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2022-1271
-
https://bugzilla.redhat.com/show_bug.cgi?id=2073310
2073310 – (CVE-2022-1271) CVE-2022-1271 gzip: arbitrary-file-write vulnerabilityIssue Tracking;Third Party Advisory
-
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
bug#54772: gzip-1.12 released [stable]Mailing List;Patch;Vendor Advisory
-
https://security.gentoo.org/glsa/202209-01
GNU Gzip, XZ Utils: Arbitrary file write (GLSA 202209-01) — Gentoo securityThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20220930-0006/
CVE-2022-1271 GNU Gzip Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
Patch;Third Party Advisory
-
https://access.redhat.com/security/cve/CVE-2022-1271
CVE-2022-1271- Red Hat Customer PortalThird Party Advisory
-
https://security-tracker.debian.org/tracker/CVE-2022-1271
CVE-2022-1271Third Party Advisory
-
https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
git.tukaani.org - xz.git/commitMailing List;Patch;Third Party Advisory
-
https://www.openwall.com/lists/oss-security/2022/04/07/8
oss-security - zgrep, xzgrep: arbitrary-file-write vulnerabilityMailing List;Patch;Third Party Advisory
Products affected by CVE-2022-1271
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*