VDB

ALPINE-CVE-2022-1271

ALPINE-CVE-2022-1271 PUBLISHED CVSS 8.800000190734863 HIGH

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.18xz5.2.5-r0, 5.0.0-r0, 5.0.2-r0
Alpine:v3.24xz0
Alpine:v3.12xz5.2.0-r0, 0, 5.2.5-r0
Alpine:v3.17gzip0, 0, 1.10-r1
Alpine:v3.22xz0, 0, 5.2.5-r0
Alpine:v3.15gzip1.10-r0, 1.10-r1, 1.11-r0
Alpine:v3.14xz0, 0, 5.2.5-r0
Alpine:v3.23gzip0, 0, 1.9-r0
Alpine:v3.15xz0, 0, 5.2.5-r0
Alpine:v3.21gzip1.10-r0, 0, 1.9-r0
Alpine:v3.12gzip0, 0, 1.9-r0
Alpine:v3.14gzip0, 1.10-r0, 1.10-r1
Alpine:v3.13xz5.2.3-r0, 0, 5.2.5-r0
Alpine:v3.16xz0, 0, 5.2.5-r0
Alpine:v3.18gzip0, 0, 1.9-r0
Alpine:v3.17xz5.0.3-r0, 5.0.0-r0, 5.0.1-r0
Alpine:v3.21xz0, 5.0.0-r0, 5.0.1-r0
Alpine:v3.23xz0, 5.0.0-r0, 5.0.1-r0
Alpine:v3.13gzip1.3.13-r0, 1.8-r1, 0
Alpine:v3.20xz5.0.0-r0, 0, 0

…and 6 more

Timeline

  • Aug 31, 2022 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›