Vulnerability in Gnu Gzip
CVE-2005-1228
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
EPSS: 0.036 (87.9th percentile) — read the EPSS interpretation.
Affected products
- Gnu Gzip — versions 1.2.4, 1.3.3
- N/a — versions n/a
References
- cve@mitre.org (vendor-advisory, x_refsource_APPLE)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (vendor-advisory, x_refsource_SUNALERT)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory)