Description
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
References (4)
Core 4
Core References
Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/247717
Vendor Advisory vendor-advisory
x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-002.txt.asc
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/7882.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3712
Scores
EPSS
0.0133
EPSS Percentile
80.2%
Details
Status
published
Products (3)
gnu/gzip
1.2.4
gnu/gzip
1.2.4a
gnu/gzip
1.3
Published
Nov 18, 2001
Tracked Since
Feb 18, 2026