N/A

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

N/A

不正确的行为次序：过早验证

GNU Gzip 输入验证错误漏洞

GNU Gzip是GNU社区的一款压缩/解压缩程序。 GNU Gzip 存在输入验证错误漏洞，该漏洞由于在处理具有两个或多个换行符的文件名时验证不足，因此存在该漏洞。远程攻击者可以强制 zgrep 或 xzgrep 在系统上写入任意文件。该漏洞允许远程攻击者破坏受影响的系统。

N/A

N/A