What is CVE-2005-0758?

CVE-2005-0758 is a vulnerability in Gnu Gzip. Published 2005-05-13.

Is CVE-2005-0758 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gnu Gzip

CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

EPSS: 0.005 (40.5th percentile) — read the EPSS interpretation.

Affected products

Gnu Gzip
Canonical Ubuntu_linux — versions 4.10, 5.04
N/a — versions n/a

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_OSVDB, vdb-entry, Broken Link)
secalert@redhat.com (Permissions Required, x_refsource_FEDORA, vendor-advisory, Broken Link)
secalert@redhat.com (Third Party Advisory, vdb-entry, x_refsource_VUPEN)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory, x_refsource_APPLE, Mailing List, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_OPENPKG)
secalert@redhat.com (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)

Frequently asked questions

What is CVE-2005-0758?: CVE-2005-0758 is a vulnerability in Gnu Gzip. Published 2005-05-13.
Is CVE-2005-0758 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.