
16 years ago, there was a bug reported to zgrep where files with 1 newline caused it to behave incorrectly. It was patched without a CVE: https://git.savannah.gnu.org/cgit/gzip.git/commit/zgrep.in?i...

This year, there was a bug reported to zgrep where files with 2 newlines caused it to behave incorrectly. It got a CVE and a front-page Hacker News post.

I give it very good odds this vulnerability has seen next to zero exploitation in the wild in either of the two cases above.



So we’re 16 years out from the three-newline bug.




