CVE-2015-4035

Published: Jul 25, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20150518 CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1223341

x_refsource_CONFIRM

https://git.tukaani.org/?p=xz.git%3Ba=commitdiff%3Bh=f4b2b52624b802c786e4e2a8eb6895794dd93b24

x_refsource_CONFIRM

[oss-security] 20150519 Re: CVE request: xzgrep 4.999.9beta arbitrary code execution vulnerability

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-4035

Description

Affected Products

References