What is CVE-2022-1271?

CVE-2022-1271 is a vulnerability in Gzip, Xz-utils, classified under CWE-179. Published 2022-08-31.

Is CVE-2022-1271 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gzip, Xz-utils

CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-sel…

EPSS: 0.008 (74.6th percentile) — read the EPSS interpretation.

Affected products

N/a Gzip, Xz-utils — versions Fixed in gzip 1.12

Weakness classification (CWE)

CWE-179

Public proof-of-concept exploits

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
www.openwall.com/lists/oss-security/2022/04/07/8 (x_refsource_MISC)
lists.gnu.org/r/bug-gzip/2022-04/msg00011.html (x_refsource_MISC)
tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch (x_refsource_MISC)
git.tukaani.org/ (x_refsource_MISC)
security-tracker.debian.org/tracker/CVE-2022-1271 (x_refsource_MISC)
access.redhat.com/security/cve/CVE-2022-1271 (x_refsource_MISC)
GLSA-202209-01 (vendor-advisory, x_refsource_GENTOO)
security.netapp.com/advisory/ntap-20220930-0006/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-1271?: CVE-2022-1271 is a vulnerability in Gzip, Xz-utils, classified under CWE-179. Published 2022-08-31.
Is CVE-2022-1271 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.