CVE-2005-1228

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 2 May 2005

Summary

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

References

http://lists.apple.com/archives/security-announce/2006//A...

vendor-advisoryx_refsource_APPLE

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255

x_refsource_CONFIRM

http://www.osvdb.org/15721

vdb-entryx_refsource_OSVDB

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 22, 2005