What is CVE-2001-1228?

CVE-2001-1228 is a vulnerability in Gnu Gzip. Published 2001-11-18.

Is CVE-2001-1228 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gnu Gzip

CVE-2001-1228

Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.

EPSS: 0.031 (85.9th percentile) — read the EPSS interpretation.

Affected products

Gnu Gzip — versions 1.2.4, 1.2.4a, 1.3
N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
ethoxx/noninvasive-oobw-characterization
hafklin/noninvasive-oobw-characterization
utwente-scs/divak

References

cve@mitre.org (Vendor Advisory, mailing-list, x_refsource_BUGTRAQ, Patch)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2001-1228?: CVE-2001-1228 is a vulnerability in Gnu Gzip. Published 2001-11-18.
Is CVE-2001-1228 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.