CVE-2004-0970 in gzipinfo

Summary

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

10/19/2004

Disclosure

02/09/2005

Moderation

VulDB entry created

Entries

VDB-975 (1)

CPE

ready

CWE

CWE-269 (Confirmed)

CVSS

5.0

EPSS

0.00098

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-0970
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0970
CVE Details	https://www.cvedetails.com/cve/CVE-2004-0970/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!