FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
11a84092-8f9f-11db-ab33-000e0c2e438agzip -- multiple vulnerabilities

Problem Description

Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop.

Impact

The insufficient bounds checks in buffer use can cause gzip to crash, and may permit the execution of arbitrary code. The NULL pointer deference can cause gzip to crash. The infinite loop can cause a Denial-of-Service situation where gzip uses all available CPU time.

Workaround

No workaround is available.


Discovery 2006-09-19
Entry 2006-12-19
Modified 2016-08-09
FreeBSD
ge 6.1 lt 6.1_7

ge 6.0 lt 6.0_12

ge 5.5 lt 5.5_5

ge 5.4 lt 5.4_19

ge 5.3 lt 5.3_34

lt 4.11_22

gzip
lt 1.3.12

CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
SA-06:21.gzip
b019585a-bfea-11ec-b46c-b42e991fc52ezgrep -- arbitrary file write

RedHat reports:

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.


Discovery 2022-04-07
Entry 2022-04-19
gzip
lt 1.12

CVE-2022-1271
https://bugzilla.redhat.com/show_bug.cgi?id=2073310