Debian CVE-2022-37434 / CVE-2018-25032 : zlib: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Zhixiong Chi |
Bug Description
CVE-2022-37434: [https:/
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVE-2018-25032: [https:/
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-37434 fixed 9.8 N L N N H
CVE-2018-25032 fixed 7.5 N L N N H
References:
https:/
['zlib1g_
Found during August 2022 CVE scan using vulscan
CVE References
summary: |
- [Debian] CVE-2022-37434: zlib: a heap-based buffer over-read or buffer - overflow + Debian CVE-2022-37434 / CVE-2018-25032 : zlib: multiple CVEs |
description: | updated |
Changed in starlingx: | |
status: | Triaged → In Progress |
screening: stx.8.0 / medium - CVE meets the stx fix criteria