Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu gzip vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-4337
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent malicious users to execute arbitrary code via a crafted decoding table in a GZIP archive.
Gzip Gzip 1.3.5
NA
CVE-2005-0758
zgrep in gzip prior to 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
Gnu Gzip
Canonical Ubuntu Linux 4.10
Canonical Ubuntu Linux 5.04
2 Github repositories
NA
CVE-2005-1228
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 up to and including 1.3.5 allows remote malicious users to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
Gnu Gzip 1.2.4
Gnu Gzip 1.3.3
NA
CVE-2005-0988
Race condition in gzip 1.2.4, 1.3.3, and previous versions, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompressio...
Gnu Gzip 1.2.4
Gnu Gzip 1.2.4a
Gnu Gzip 1.3.3
Freebsd Freebsd 4.1.1
Freebsd Freebsd 4.11
Freebsd Freebsd 4.4
Freebsd Freebsd 4.5
Freebsd Freebsd 4.6
Freebsd Freebsd 4.7
Freebsd Freebsd 4.9
Freebsd Freebsd 5.1
Freebsd Freebsd 5.3
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux Desktop 3.0
Turbolinux Turbolinux Appliance Server 1.0 Hosting
Turbolinux Turbolinux Appliance Server 1.0 Workgroup
Ubuntu Ubuntu Linux 4.1
Freebsd Freebsd 4.0
Freebsd Freebsd 4.10
Freebsd Freebsd 4.3
Freebsd Freebsd 4.8
NA
CVE-2004-0970
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
Gnu Gzip 1.2.4a
NA
CVE-2004-0603
gzexe in gzip 1.3.3 and previous versions will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
Gnu Gzip
NA
CVE-2004-1349
gzip prior to 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
Oracle Solaris 8
Gnu Gzip
NA
CVE-2003-0367
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Gnu Gzip
Debian Debian Linux 2.2
Debian Debian Linux 3.0
NA
CVE-2002-1245
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
Frank Mcingvale Luxman 0.41
NA
CVE-2001-1228
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow malicious users to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
Gnu Gzip 1.3
Gnu Gzip 1.2.4a
Gnu Gzip 1.2.4
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2