Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Related CPE's

a

zlib

zlib

Vulnerable

o

debian

debian_linux

3

o

fedoraproject

fedora

3

o

apple

mac_os_x

15

o

apple

macos

2

a

python

python

4

a

mariadb

mariadb

7

a

netapp

active_iq_unified_manager

-

*

*

*

*

vmware_vsphere

Vulnerable

a

netapp

e-series_santricity_os_controller

Vulnerable

a

netapp

management_services_for_element_software

-

Vulnerable

a

netapp

oncommand_workflow_automation

-

Vulnerable

a

netapp

ontap_select_deploy_administration_utility

-

Vulnerable

h

netapp

hci_compute_node

-

Vulnerable

o

netapp

h300s_firmware

-

Vulnerable

h

netapp

h300s

-

o

netapp

h500s_firmware

-

Vulnerable

h

netapp

h500s

-

o

netapp

h700s_firmware

-

Vulnerable

h

netapp

h700s

-

o

netapp

h410s_firmware

-

Vulnerable

h

netapp

h410s

-

o

netapp

h410c_firmware

-

Vulnerable

h

netapp

h410c

-

o

siemens

scalance_sc622-2c_firmware

Vulnerable

h

siemens

scalance_sc622-2c

-

o

siemens

scalance_sc626-2c_firmware

Vulnerable

h

siemens

scalance_sc626-2c

-

o

siemens

scalance_sc632-2c_firmware

Vulnerable

h

siemens

scalance_sc632-2c

-

o

siemens

scalance_sc636-2c_firmware

Vulnerable

h

siemens

scalance_sc636-2c

-

o

siemens

scalance_sc642-2c_firmware

Vulnerable

h

siemens

scalance_sc642-2c

-

o

siemens

scalance_sc646-2c_firmware

Vulnerable

h

siemens

scalance_sc646-2c

-

a

azul

zulu

7

a

goto

gotoassist

Vulnerable

References

http://seclists.org/fulldisclosure/2022/May/33

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/35

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/38

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/03/25/2

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/03/26/1

ExploitMailing ListThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf

Third Party Advisory

https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

PatchThird Party Advisory

https://github.com/madler/zlib/compare/v1.2.11...v1.2.12

PatchThird Party Advisory

https://github.com/madler/zlib/issues/605

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/

https://security.gentoo.org/glsa/202210-42

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220526-0009/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220729-0004/

Third Party Advisory

https://support.apple.com/kb/HT213255

Third Party Advisory

https://support.apple.com/kb/HT213256

Third Party Advisory

https://support.apple.com/kb/HT213257

Third Party Advisory

https://www.debian.org/security/2022/dsa-5111

PatchThird Party Advisory

https://www.openwall.com/lists/oss-security/2022/03/24/1

Mailing ListThird Party Advisory

https://www.openwall.com/lists/oss-security/2022/03/28/1

ExploitMailing ListThird Party Advisory

https://www.openwall.com/lists/oss-security/2022/03/28/3

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-25T09:15:08.187

3 years ago

Last modified

2023-11-07T02:56:26.393

1 year ago