8 matches found
ROS-20250226-34
A vulnerability in the gzipdowrite function of the zlib compression library of the cURL command-line utility is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the ASLR protection mechanism, execute arbitrary code, or cause a denia...
Advisory ROSA-SA-2025-2701
Software: gzip 1.9
OS: ROSA Virtualization 3.0
packageevrstring: gzip-1.9
CVE-ID: CVE-2022-1271
BDU-ID: 2022-02113
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the gzip library is related to errors in file name handling. Exploitation of the vulnerability could allow an attacker acting remotely to...
Stack exhaustion when reading certain archives in compress/gzip
...
CLSA-2022-1653005178 Fixed CVE-2022-1271 in gzip
CVE-2022-1271: Fix arbitrary file override with crafted file names...
CLSA-2022-1652801135 Fixed CVE-2022-1271 in gzip
CVE-2022-1271: Fix arbitrary file override with crafted file names...
A vulnerability in the gzip library, related to errors in file name processing, allows attackers to write arbitrary files to the system.
The vulnerability in the gzip library is related to errors in processing file names. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the system using the command-line utilities zgrep and xzgrep...
CVE-2021-32841
CVE-2021-32841 affects SharpZipLib (aka #ziplib). In versions 1.3.0 through 1.3.2, a check to ensure the destination file is under the destination directory could be bypassed if destDir was not slash-terminated (e.g., “/home/user/dir”). This could allow creating a file whose name begins with the ...
CVE-2021-32842
CVE-2021-32842 affects SharpZipLib (aka #ziplib). The issue is a path traversal flaw where a non-slash-terminated _baseDirectory allows creating a file whose name begins with the destination directory (e.g., /home/user/dir.sh), enabling arbitrary file creation. Versions 1.0.0 through 1.3.2 are af...