This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
11a84092-8f9f-11db-ab33-000e0c2e438a | gzip -- multiple vulnerabilities. Problem Description: Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact: The insufficient bounds checks in buffer use can cause gzip to crash, and may permit the execution of arbitrary code. The NULL pointer dereference can cause gzip to crash. The infinite loop can cause a Denial-of-Service situation where gzip uses all available CPU time. Workaround: No workaround is available. Discovery: 2006-09-19. Entry: 2006-12-19. Modified: 2016-08-09. FreeBSD ge 6.1 lt 6.1_7, ge 6.0 lt 6.0_12, ge 5.5 lt 5.5_5, ge 5.4 lt 5.4_19, ge 5.3 lt 5.3_34, < 4.11_22; gzip < 1.3.12. CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338, SA-06:21.gzip |
b019585a-bfea-11ec-b46c-b42e991fc52e | zgrep -- arbitrary file write RedHat reports:
Discovery: 2022-04-07. Entry: 2022-04-19. gzip < 1.12. CVE-2022-1271, https://bugzilla.redhat.com/show_bug.cgi?id=2073310 |
63bd4bad-dffe-11d9-b875-0001020eed82 | gzip -- directory traversal and permission race vulnerabilities. Problem Description: Two problems related to extraction of files exist in gzip: The first problem is that gzip does not properly sanitize filenames containing "/" when uncompressing files using the -N command line option. The second problem is that gzip does not set permissions on newly extracted files until after the file has been created and the file descriptor has been closed. Impact: The first problem can allow an attacker to overwrite arbitrary local files when uncompressing a file using the -N command line option. The second problem can allow a local attacker to change the permissions of arbitrary local files, on the same partition as the one the user is uncompressing a file on, by removing the file the user is uncompressing and replacing it with a hardlink before the uncompress operation is finished. Workaround: Do not use the -N command line option on untrusted files and do not uncompress files in directories where untrusted users have write access. Discovery: 2005-04-20. Entry: 2005-06-18. Modified: 2005-07-06. FreeBSD ge 5.4 lt 5.4_2, ge 5.0 lt 5.3_16, ge 4.11 lt 4.11_10, ge 4.10 lt 4.10_15, ge 4.9 lt 4.9_18, < 4.8_33; gzip < 1.3.5_2. CVE-2005-0988, CVE-2005-1228, SA-05:11.gzip, http://marc.theaimsgroup.com/?l=bugtraq&m=111271860708210, http://marc.theaimsgroup.com/?l=bugtraq&m=111402732406477 |