FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b019585a-bfea-11ec-b46c-b42e991fc52e	zgrep -- arbitrary file write RedHat reports: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. Discovery 2022-04-07 Entry 2022-04-19 gzip < 1.12 CVE-2022-1271 https://bugzilla.redhat.com/show_bug.cgi?id=2073310
11a84092-8f9f-11db-ab33-000e0c2e438a	gzip -- multiple vulnerabilities Problem Description Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop. Impact The insufficient bounds checks in buffer use can cause gzip to crash, and may permit the execution of arbitrary code. The NULL pointer deference can cause gzip to crash. The infinite loop can cause a Denial-of-Service situation where gzip uses all available CPU time. Workaround No workaround is available. Discovery 2006-09-19 Entry 2006-12-19 Modified 2016-08-09 FreeBSD >= 6.1 lt 6.1_7 >= 6.0 lt 6.0_12 >= 5.5 lt 5.5_5 >= 5.4 lt 5.4_19 >= 5.3 lt 5.3_34 < 4.11_22 gzip < 1.3.12 CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338 SA-06:21.gzip

VuXML ID

Description

b019585a-bfea-11ec-b46c-b42e991fc52e

zgrep -- arbitrary file write

RedHat reports:

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Discovery 2022-04-07
Entry 2022-04-19
gzip

< 1.12

CVE-2022-1271
https://bugzilla.redhat.com/show_bug.cgi?id=2073310

11a84092-8f9f-11db-ab33-000e0c2e438a

gzip -- multiple vulnerabilities

Problem Description

Multiple programming errors have been found in gzip which can be triggered when gzip is decompressing files. These errors include insufficient bounds checks in buffer use, a NULL pointer dereference, and a potential infinite loop.

Impact

The insufficient bounds checks in buffer use can cause gzip to crash, and may permit the execution of arbitrary code. The NULL pointer deference can cause gzip to crash. The infinite loop can cause a Denial-of-Service situation where gzip uses all available CPU time.

Workaround

No workaround is available.

Discovery 2006-09-19
Entry 2006-12-19
Modified 2016-08-09
FreeBSD

>= 6.1 lt 6.1_7

>= 6.0 lt 6.0_12

>= 5.5 lt 5.5_5

>= 5.4 lt 5.4_19

>= 5.3 lt 5.3_34

< 4.11_22

gzip

< 1.3.12

CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
SA-06:21.gzip