ROS-20250226-34

A vulnerability in the gzipdowrite function of the zlib compression library of the cURL command-line utility is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely, bypass the ASLR protection mechanism, execute arbitrary code, or cause a denia...

Advisory ROSA-SA-2025-2701

Software: gzip 1.9 OS: ROSA Virtualization 3.0 packageevrstring: gzip-1.9 CVE-ID: CVE-2022-1271 BDU-ID: 2022-02113 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker acting remotely to...

Stack exhaustion when reading certain archives in compress/gzip

...

CLSA-2022-1653005178 Fixed CVE-2022-1271 in gzip

CVE-2022-1271: Fix arbitrary file override with crafted file names...

CLSA-2022-1652801135 Fixed CVE-2022-1271 in gzip

CVE-2022-1271: Fix arbitrary file override with crafted file names...

CVE-2021-32841

CVE-2021-32841 affects SharpZipLib (aka #ziplib). In versions 1.3.0 through 1.3.2, a check to ensure the destination file is under the destination directory could be bypassed if destDir was not slash-terminated (e.g., “/home/user/dir”). This could allow creating a file whose name begins with the ...

CVE-2021-32842

CVE-2021-32842 affects SharpZipLib (aka #ziplib). The issue is a path traversal flaw where a non-slash-terminated _baseDirectory allows creating a file whose name begins with the destination directory (e.g., /home/user/dir.sh), enabling arbitrary file creation. Versions 1.0.0 through 1.3.2 are af...