VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-zgc5-nzyz-aaan

Essentials
Severities (125)
References (42)
Severity details (24)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-zgc5-nzyz-aaan
Aliases	CVE-2022-1271
Summary	An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-20	Improper Input Validation
CWE-179	Incorrect Behavior Order: Early Validation
CWE-1173	Improper Use of Validation Framework

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1537
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1592
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1665
rhas	Important	https://access.redhat.com/errata/RHSA-2022:1676
rhas	Important	https://access.redhat.com/errata/RHSA-2022:2191
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4582
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4896
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4940
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4991
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4992
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4993
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4994
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5052
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5439
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1271.json
cvssv3.1	8.8	https://access.redhat.com/security/cve/CVE-2022-1271
ssvc	Track	https://access.redhat.com/security/cve/CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00672	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.0069	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00695	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00695	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00695	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00695	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00695	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00695	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00695	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.00695	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01236	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.01422	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.06973	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.07629	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.07897	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
epss	0.07897	https://api.first.org/data/v1/epss?cve=CVE-2022-1271
cvssv3.1	8.8	https://bugzilla.redhat.com/show_bug.cgi?id=2073310
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2073310
cvssv3.1	8.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	8.8	https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
ssvc	Track	https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
cvssv3.1	8.8	https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
ssvc	Track	https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-1271
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-1271
archlinux	High	https://security.archlinux.org/AVG-2665
archlinux	High	https://security.archlinux.org/AVG-2666
cvssv3.1	8.8	https://security.gentoo.org/glsa/202209-01
ssvc	Track	https://security.gentoo.org/glsa/202209-01
cvssv3.1	8.8	https://security.netapp.com/advisory/ntap-20220930-0006/
ssvc	Track	https://security.netapp.com/advisory/ntap-20220930-0006/
cvssv3.1	8.8	https://security-tracker.debian.org/tracker/CVE-2022-1271
ssvc	Track	https://security-tracker.debian.org/tracker/CVE-2022-1271
cvssv3.1	8.8	https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
ssvc	Track	https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
cvssv3.1	8.8	https://www.openwall.com/lists/oss-security/2022/04/07/8
ssvc	Track	https://www.openwall.com/lists/oss-security/2022/04/07/8

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1271.json
		https://access.redhat.com/security/cve/CVE-2022-1271
		https://api.first.org/data/v1/epss?cve=CVE-2022-1271
		https://bugzilla.redhat.com/show_bug.cgi?id=2073310
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
		https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
		https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
		https://security.gentoo.org/glsa/202209-01
		https://security.netapp.com/advisory/ntap-20220930-0006/
		https://security-tracker.debian.org/tracker/CVE-2022-1271
		https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
		https://www.openwall.com/lists/oss-security/2022/04/07/8
1009167		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009167
ASA-202204-7		https://security.archlinux.org/ASA-202204-7
ASA-202204-8		https://security.archlinux.org/ASA-202204-8
AVG-2665		https://security.archlinux.org/AVG-2665
AVG-2666		https://security.archlinux.org/AVG-2666
cpe:2.3:a:gnu:gzip::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gzip::::::::
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*
cpe:2.3:a:tukaani:xz::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tukaani:xz::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2022-1271		https://nvd.nist.gov/vuln/detail/CVE-2022-1271
RHSA-2022:1537		https://access.redhat.com/errata/RHSA-2022:1537
RHSA-2022:1592		https://access.redhat.com/errata/RHSA-2022:1592
RHSA-2022:1665		https://access.redhat.com/errata/RHSA-2022:1665
RHSA-2022:1676		https://access.redhat.com/errata/RHSA-2022:1676
RHSA-2022:2191		https://access.redhat.com/errata/RHSA-2022:2191
RHSA-2022:4582		https://access.redhat.com/errata/RHSA-2022:4582
RHSA-2022:4896		https://access.redhat.com/errata/RHSA-2022:4896
RHSA-2022:4940		https://access.redhat.com/errata/RHSA-2022:4940
RHSA-2022:4991		https://access.redhat.com/errata/RHSA-2022:4991
RHSA-2022:4992		https://access.redhat.com/errata/RHSA-2022:4992
RHSA-2022:4993		https://access.redhat.com/errata/RHSA-2022:4993
RHSA-2022:4994		https://access.redhat.com/errata/RHSA-2022:4994
RHSA-2022:5052		https://access.redhat.com/errata/RHSA-2022:5052
RHSA-2022:5439		https://access.redhat.com/errata/RHSA-2022:5439
USN-5378-1		https://usn.ubuntu.com/5378-1/
USN-5378-2		https://usn.ubuntu.com/5378-2/
USN-5378-3		https://usn.ubuntu.com/5378-3/
USN-5378-4		https://usn.ubuntu.com/5378-4/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1271.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2022-1271

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://access.redhat.com/security/cve/CVE-2022-1271

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2073310

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2073310

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1271

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1271

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202209-01

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://security.gentoo.org/glsa/202209-01

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20220930-0006/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://security.netapp.com/advisory/ntap-20220930-0006/

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security-tracker.debian.org/tracker/CVE-2022-1271

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://security-tracker.debian.org/tracker/CVE-2022-1271

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2022/04/07/8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T14:55:46Z/ Found at https://www.openwall.com/lists/oss-security/2022/04/07/8

Exploit Prediction Scoring System (EPSS)

Percentile	0.69125
EPSS Score	0.00672
Published At	April 9, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.