VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-yvpp-2w12-dycv

Essentials
Severities (50)
References (41)
Severity details (23)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-yvpp-2w12-dycv
Aliases	CVE-2022-1271
Summary	An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-179	Incorrect Behavior Order: Early Validation
CWE-1173	Improper Use of Validation Framework
CWE-20	Improper Input Validation

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1271.json
cvssv3.1	8.8	https://access.redhat.com/security/cve/CVE-2022-1271
ssvc	Track	https://access.redhat.com/security/cve/CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00716	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00736	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00736	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
cvssv3.1	8.8	https://bugzilla.redhat.com/show_bug.cgi?id=2073310
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2073310
cvssv3.1	8.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	8.8	https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
ssvc	Track	https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
cvssv3.1	8.8	https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
ssvc	Track	https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-1271
archlinux	High	https://security.archlinux.org/AVG-2665
archlinux	High	https://security.archlinux.org/AVG-2666
cvssv3.1	8.8	https://security.gentoo.org/glsa/202209-01
ssvc	Track	https://security.gentoo.org/glsa/202209-01
cvssv3.1	8.8	https://security.netapp.com/advisory/ntap-20220930-0006/
ssvc	Track	https://security.netapp.com/advisory/ntap-20220930-0006/
cvssv3.1	8.8	https://security-tracker.debian.org/tracker/CVE-2022-1271
ssvc	Track	https://security-tracker.debian.org/tracker/CVE-2022-1271
cvssv3.1	8.8	https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
ssvc	Track	https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
cvssv3.1	8.8	https://www.openwall.com/lists/oss-security/2022/04/07/8
ssvc	Track	https://www.openwall.com/lists/oss-security/2022/04/07/8

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1271.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-1271
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1009167		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009167
202209-01		https://security.gentoo.org/glsa/202209-01
8		https://www.openwall.com/lists/oss-security/2022/04/07/8
ASA-202204-7		https://security.archlinux.org/ASA-202204-7
ASA-202204-8		https://security.archlinux.org/ASA-202204-8
AVG-2665		https://security.archlinux.org/AVG-2665
AVG-2666		https://security.archlinux.org/AVG-2666
cpe:2.3:a:gnu:gzip::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gzip::::::::
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*
cpe:2.3:a:tukaani:xz::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tukaani:xz::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2022-1271		https://access.redhat.com/security/cve/CVE-2022-1271
CVE-2022-1271		https://nvd.nist.gov/vuln/detail/CVE-2022-1271
CVE-2022-1271		https://security-tracker.debian.org/tracker/CVE-2022-1271
msg00011.html		https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
ntap-20220930-0006		https://security.netapp.com/advisory/ntap-20220930-0006/
?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6		https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
RHSA-2022:1537		https://access.redhat.com/errata/RHSA-2022:1537
RHSA-2022:1592		https://access.redhat.com/errata/RHSA-2022:1592
RHSA-2022:1665		https://access.redhat.com/errata/RHSA-2022:1665
RHSA-2022:1676		https://access.redhat.com/errata/RHSA-2022:1676
RHSA-2022:2191		https://access.redhat.com/errata/RHSA-2022:2191
RHSA-2022:4582		https://access.redhat.com/errata/RHSA-2022:4582
RHSA-2022:4896		https://access.redhat.com/errata/RHSA-2022:4896
RHSA-2022:4940		https://access.redhat.com/errata/RHSA-2022:4940
RHSA-2022:4991		https://access.redhat.com/errata/RHSA-2022:4991
RHSA-2022:4992		https://access.redhat.com/errata/RHSA-2022:4992
RHSA-2022:4993		https://access.redhat.com/errata/RHSA-2022:4993
RHSA-2022:4994		https://access.redhat.com/errata/RHSA-2022:4994
RHSA-2022:5052		https://access.redhat.com/errata/RHSA-2022:5052
RHSA-2022:5439		https://access.redhat.com/errata/RHSA-2022:5439
show_bug.cgi?id=2073310		https://bugzilla.redhat.com/show_bug.cgi?id=2073310
USN-5378-1		https://usn.ubuntu.com/5378-1/
USN-5378-2		https://usn.ubuntu.com/5378-2/
USN-5378-3		https://usn.ubuntu.com/5378-3/
USN-5378-4		https://usn.ubuntu.com/5378-4/
xzgrep-ZDI-CAN-16587.patch		https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1271.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2022-1271

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://access.redhat.com/security/cve/CVE-2022-1271

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2073310

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2073310

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1271

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202209-01

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://security.gentoo.org/glsa/202209-01

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20220930-0006/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://security.netapp.com/advisory/ntap-20220930-0006/

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security-tracker.debian.org/tracker/CVE-2022-1271

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://security-tracker.debian.org/tracker/CVE-2022-1271

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2022/04/07/8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://www.openwall.com/lists/oss-security/2022/04/07/8

Exploit Prediction Scoring System (EPSS)

Percentile	0.7148
EPSS Score	0.00716
Published At	Aug. 4, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:28:18.540987+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.21/main.json	37.0.0