Description
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
A security vulnerability was found in zlib. The flaw triggers a heap-based buffer over-read or overflow in inflate in inflate.c via a large gzip header extra field. Only applications that call inflateGetHeader are affected.
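As a triage aid for inputs passed to code that calls inflateGetHeader, this added example (not from the advisory or from zlib) reads the declared extra-field length (XLEN, RFC 1952) of a gzip member so that oversized values can be logged or rejected before decompression. The function names and the `limit` policy value are assumptions, and the sample members are constructed.

```python
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b"
CM_DEFLATE = 8
FEXTRA = 0x04  # FLG bit 2 (RFC 1952): an extra field follows the fixed header


def gzip_extra_len(data: bytes):
    """Declared XLEN of the first gzip member; 0 if FEXTRA is unset;
    None if the data is not gzip or is too short to contain XLEN."""
    if len(data) < 10 or data[:2] != GZIP_MAGIC or data[2] != CM_DEFLATE:
        return None
    if not data[3] & FEXTRA:
        return 0
    if len(data) < 12:
        return None
    # XLEN is a 16-bit little-endian value right after the 10-byte fixed header.
    (xlen,) = struct.unpack_from("<H", data, 10)
    return xlen


def should_flag(data: bytes, limit: int = 1024) -> bool:
    """True when the declared extra field exceeds `limit`.
    `limit` is a hypothetical local policy value, not a zlib constant."""
    xlen = gzip_extra_len(data)
    return xlen is not None and xlen > limit


def build_member(payload: bytes, extra: bytes = b"") -> bytes:
    """Construct a valid gzip member for testing, optionally with an extra field."""
    flg = FEXTRA if extra else 0
    # magic, CM, FLG, MTIME=0, XFL=0, OS=255 (unknown)
    header = GZIP_MAGIC + bytes([CM_DEFLATE, flg]) + b"\x00" * 4 + b"\x00\xff"
    if extra:
        header += struct.pack("<H", len(extra)) + extra
    comp = zlib.compressobj(wbits=-15)  # raw deflate body
    body = comp.compress(payload) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(payload), len(payload) & 0xFFFFFFFF)
    return header + body + trailer


if __name__ == "__main__":
    plain = build_member(b"hello")
    tagged = build_member(b"hello", extra=b"AB\x04\x00test")  # constructed 8-byte field
    for name, blob in (("plain", plain), ("tagged", tagged)):
        print(name, gzip_extra_len(blob), should_flag(blob, limit=4))
```

Only the first member of a multi-member file is inspected, and the check does not replace updating to a fixed zlib build.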
Statement
While some Red Hat Products bundle the affected zlib source code, in many cases it is not possible for an attacker to trigger the vulnerable function.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat build of Quarkus | org.rocksdb/rocksdbjni | Will not fix | | |
Red Hat Enterprise Linux 6 | zlib | Out of support scope | | |
Red Hat Enterprise Linux 7 | zlib | Fixed | RHSA-2023:1095 | 07.03.2023 |
Red Hat Enterprise Linux 8 | zlib | Fixed | RHSA-2022:7106 | 25.10.2022 |
Red Hat Enterprise Linux 8 | rsync | Fixed | RHSA-2022:7793 | 08.11.2022 |
Red Hat Enterprise Linux 8.6 Extended Update Support | rsync | Fixed | RHSA-2024:0254 | 15.01.2024 |
Red Hat Enterprise Linux 9 | zlib | Fixed | RHSA-2022:7314 | 02.11.2022 |
Red Hat Enterprise Linux 9 | rsync | Fixed | RHSA-2022:8291 | 15.11.2022 |
Additional information
Status:
CVSS3: 7 High