Buffer Overflow Vulnerability in Gzip by Info-ZIP Software
CVE-2001-1228

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 18 November 2001

Summary

Gzip versions 1.3x and 1.2.4 possess a buffer overflow vulnerability that could be exploited by attackers through the use of excessively long file names. This flaw may enable the execution of arbitrary code on systems where Gzip operates, particularly if it is utilized on an FTP server. Proper precautions and updates should be implemented to mitigate this risk.

References

http://online.securityfocus.com/archive/1/247717

mailing-listx_refsource_BUGTRAQ

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBS...

vendor-advisoryx_refsource_NETBSD

http://www.iss.net/security_center/static/7882.php

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Apr 11, 2002
Vulnerability published
Nov 18, 2001