CVE-2022-37434

Published: 05 Aug 2022
Source: redhat
CVSS3: 7

Description

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

A security vulnerability was found in zlib. The flaw is a heap-based buffer over-read or overflow in inflate() in inflate.c, triggered via a large gzip header extra field. It only applies to applications that call inflateGetHeader.
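To triage inputs for the condition described above, the following added example (not code from zlib, Red Hat or this page) reads the fixed gzip header defined in RFC 1952 and reports the declared extra field length. The function names, the sample bytes and the caller-chosen `limit` are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example. gzip member header per RFC 1952:
 * ID1=0x1f ID2=0x8b CM FLG MTIME(4) XFL OS, then, if FLG.FEXTRA (0x04)
 * is set, a 2-byte little-endian XLEN followed by XLEN bytes of data. */
#define GZ_FEXTRA    0x04
#define GZ_FIXED_HDR 10

/* Constructed sample headers, not captured data. */
static const unsigned char SAMPLE_PLAIN[] = {0x1f, 0x8b, 8, 0x00, 0, 0, 0, 0, 0, 3};
static const unsigned char SAMPLE_EXTRA[] = {0x1f, 0x8b, 8, 0x04, 0, 0, 0, 0, 0, 3,
                                             0x00, 0x20}; /* XLEN = 0x2000 */

/* Returns XLEN (0..65535) when FEXTRA is set, 0 when it is not set,
 * and -1 when the input is not a gzip header or is too short to decide. */
long gzip_extra_len(const unsigned char *buf, size_t n)
{
    if (n < GZ_FIXED_HDR || buf[0] != 0x1f || buf[1] != 0x8b)
        return -1;
    if (buf[2] != 8)              /* CM 8 = deflate, the only defined method */
        return -1;
    if (!(buf[3] & GZ_FEXTRA))
        return 0;
    if (n < GZ_FIXED_HDR + 2)     /* XLEN itself is cut off */
        return -1;
    return (long)buf[10] | ((long)buf[11] << 8);
}

/* Triage policy (an assumption, not taken from the advisory): flag a stream
 * whose declared extra field is larger than `limit` bytes, for example the
 * extra_max the application passes to inflateGetHeader(). */
int gzip_extra_exceeds(const unsigned char *buf, size_t n, long limit)
{
    return gzip_extra_len(buf, n) > limit;
}

int main(void)
{
    printf("plain: xlen=%ld\n", gzip_extra_len(SAMPLE_PLAIN, sizeof SAMPLE_PLAIN));
    printf("extra: xlen=%ld flagged(limit 1024)=%d\n",
           gzip_extra_len(SAMPLE_EXTRA, sizeof SAMPLE_EXTRA),
           gzip_extra_exceeds(SAMPLE_EXTRA, sizeof SAMPLE_EXTRA, 1024));
    return 0;
}
```

A flagged stream is only a signal for review; whether a given application is exposed still depends on it calling inflateGetHeader, as the description states.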

Statement

While some Red Hat Products bundle the affected zlib source code, in many cases it is not possible for an attacker to trigger the vulnerable function.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat build of Quarkus | org.rocksdb/rocksdbjni | Will not fix | | |
| Red Hat Enterprise Linux 6 | zlib | Out of support scope | | |
| Red Hat Enterprise Linux 7 | zlib | Fixed | RHSA-2023:1095 | 07.03.2023 |
| Red Hat Enterprise Linux 8 | zlib | Fixed | RHSA-2022:7106 | 25.10.2022 |
| Red Hat Enterprise Linux 8 | rsync | Fixed | RHSA-2022:7793 | 08.11.2022 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | rsync | Fixed | RHSA-2024:0254 | 15.01.2024 |
| Red Hat Enterprise Linux 9 | zlib | Fixed | RHSA-2022:7314 | 02.11.2022 |
| Red Hat Enterprise Linux 9 | rsync | Fixed | RHSA-2022:8291 | 15.11.2022 |


Additional information

Status: Moderate
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2116639 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

CVSS3: 7 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 3 years ago

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

CVSS3: 9.8
nvd
about 3 years ago

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

CVSS3: 9.8
msrc
almost 3 years ago

No description available

CVSS3: 9.8
debian
about 3 years ago

zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...

suse-cvrf
almost 3 years ago

Security update for zlib
