Description


zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

References


http://seclists.org/fulldisclosure/2022/May/33

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2022/May/35

Mailing List, Third Party Advisory

http://seclists.org/fulldisclosure/2022/May/38

Mailing List, Third Party Advisory


http://www.openwall.com/lists/oss-security/2022/03/26/1

Exploit, Mailing List, Third Party Advisory

https://github.com/madler/zlib/issues/605

Issue Tracking, Patch, Third Party Advisory

https://www.openwall.com/lists/oss-security/2022/03/28/1

Exploit, Mailing List, Third Party Advisory


Weaknesses



CWE-787

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High


Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-25T09:15:08.187


Last modified

2023-11-07T02:56:26.393
