CVE-2022-37434: [https://nvd.nist.gov/vuln/detail/CVE-2022-37434]
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-37434 fixed 9.8 N L N N H
CVE-2022-37434: [https:/ /nvd.nist. gov/vuln/ detail/ CVE-2022- 37434]
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-37434 fixed 9.8 N L N N H
References: /security- tracker. debian. org/tracker/ DSA-5218- 1
https:/
['zlib1g_ 1:1.2.11. dfsg-2_ amd64.deb= ==>zlib1g_ 1:1.2.11. dfsg-2+ deb11u2_ amd64.deb' , 'zlib1g- dev_1:1. 2.11.dfsg- 2_amd64. deb===> zlib1g- dev_1:1. 2.11.dfsg- 2+deb11u2_ amd64.deb' ]
Found during August 2022 CVE scan using vulscan