2022-10-25 05:27:52 |
Yue Tao |
description |
CVE-2022-37434: [https://nvd.nist.gov/vuln/detail/CVE-2022-37434]
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-37434 fixed 9.8 N L N N H
References:
https://security-tracker.debian.org/tracker/DSA-5218-1
['zlib1g_1:1.2.11.dfsg-2_amd64.deb===>zlib1g_1:1.2.11.dfsg-2+deb11u2_amd64.deb', 'zlib1g-dev_1:1.2.11.dfsg-2_amd64.deb===>zlib1g-dev_1:1.2.11.dfsg-2+deb11u2_amd64.deb']
Found during August 2022 CVE scan using vulscan |
CVE-2022-37434: [https://nvd.nist.gov/vuln/detail/CVE-2022-37434]
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVE-2018-25032: [https://nvd.nist.gov/vuln/detail/CVE-2018-25032]
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-37434 fixed 9.8 N L N N H
CVE-2018-25032 fixed 7.5 N L N N H
References:
https://security-tracker.debian.org/tracker/DSA-5218-1
['zlib1g_1:1.2.11.dfsg-2_amd64.deb===>zlib1g_1:1.2.11.dfsg-2+deb11u2_amd64.deb', 'zlib1g-dev_1:1.2.11.dfsg-2_amd64.deb===>zlib1g-dev_1:1.2.11.dfsg-2+deb11u2_amd64.deb']
Found during August 2022 CVE scan using vulscan |
|