Improper input validation in Gnu Gzip

CVE-2003-0367

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (35.4th percentile) — read the EPSS interpretation.

Affected products

Gnu Gzip
Debian Debian_linux — versions 2.2, 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, x_refsource_TURBO, Patch, Third Party Advisory)
cve@mitre.org (vendor-advisory, Patch, Third Party Advisory, x_refsource_DEBIAN)
cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_MANDRAKE)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)