CVE-2022-1271 - log

CVE-2022-1271 edited at 12 Apr 2022 18:10:56
Type
- Arbitrary file overwrite
+ Arbitrary command execution
CVE-2022-1271 edited at 07 Apr 2022 21:54:17
Description
+ Malicious filenames with two or more newlines can make zgrep and xzgrep to write to arbitrary files or (with a GNU sed extension) lead to arbitrary code execution. The issue with the old code is that with multiple newlines, the N-command will read the second line of input, then the s-commands will be skipped because it's not the end of the file yet, then a new sed cycle starts and the pattern space is printed and emptied. So only the last line or two get escaped.
- Malicious filenames with two or more newlines can make zgrep and xzgrep to write to arbitrary files or (with a GNU sed extension) lead to arbitrary code execution.
-
- The issue with the old code is that with multiple newlines, the N-command will read the second line of input, then the s-commands will be skipped because it's not the end of
- the file yet, then a new sed cycle starts and the pattern space is printed and emptied. So only the last line or two get escaped.
CVE-2022-1271 created at 07 Apr 2022 21:46:52
Severity
+ High
Remote
+ Local
Type
+ Arbitrary file overwrite
Description
+ Malicious filenames with two or more newlines can make zgrep and xzgrep to write to arbitrary files or (with a GNU sed extension) lead to arbitrary code execution.
+
+ The issue with the old code is that with multiple newlines, the N-command will read the second line of input, then the s-commands will be skipped because it's not the end of
+ the file yet, then a new sed cycle starts and the pattern space is printed and emptied. So only the last line or two get escaped.
References
+ https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c
+ https://savannah.gnu.org/forum/forum.php?forum_id=10157
+ https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
+ https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
+ https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig
Notes
+ xzgrep from XZ Utils versions up to and including 5.2.5 are affected. 5.3.1alpha and 5.3.2alpha are affected as well.
+ This bug was inherited into xzgrep from gzip's zgrep.
+ gzip 1.12 includes a fix for zgrep.
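
The escaping gap explained in the Description, as an added example (not code from gzip, XZ Utils or this tracker). `escape_old` is a sed script reconstructed from the Description's wording, `escape_all` is an assumed per-line alternative, and the sample name and helper names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample data are hypothetical.

NL='
'
# Constructed sample: a name with two embedded newlines and one '|' per line.
sample="a|1${NL}b|2${NL}c|3"

# Modelled on the Description: N runs only when not on the last line, and
# every s-command is restricted to the last line ($). On a three-line input
# the first cycle joins lines 1-2, skips the s-commands, and prints them raw.
escape_old() {
    printf '%s\n' "$1" |
        sed -e '$!N' -e '$s/[\\|&]/\\&/g' -e '$s/\n/\\n/g'
}

# Assumed alternative: escape the special characters on every line, and end
# each non-final line with a backslash so the newline itself is escaped.
escape_all() {
    printf '%s\n' "$1" |
        sed -e 's/[\\|&]/\\&/g' -e '$!s/$/\\/'
}

# Count '|' characters that are not preceded by a backslash.
count_unescaped() {
    printf '%s\n' "$1" | sed -e 's/\\|//g' | tr -cd '|' | wc -c | tr -d ' '
}

old=$(escape_old "$sample")
new=$(escape_all "$sample")

printf 'old escaping:\n%s\n' "$old"
printf 'unescaped delimiters left: %s\n\n' "$(count_unescaped "$old")"
printf 'per-line escaping:\n%s\n' "$new"
printf 'unescaped delimiters left: %s\n' "$(count_unescaped "$new")"
```

A check of this kind is useful as a regression test for any wrapper script that builds a sed expression from a file name: every delimiter in every line of the name must come out escaped, not only those in the final line or two.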