CVE-2018-25032

Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Related CPE's

azlibzlib********

odebiandebian_linux9.0*******

odebiandebian_linux10.0*******

odebiandebian_linux11.0*******

ofedoraprojectfedora34*******

ofedoraprojectfedora35*******

ofedoraprojectfedora36*******

oapplemac_os_x********

oapplemac_os_x10.15.7security_update_2020-005******

oapplemac_os_x10.15.7security_update_2020-007******

References

https://www.openwall.com/lists/oss-security/2022/03/24/1

Mailing ListThird Party Advisory

https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

PatchThird Party Advisory

[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)

Mailing ListThird Party Advisory

[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)

ExploitMailing ListThird Party Advisory

https://www.openwall.com/lists/oss-security/2022/03/28/1

ExploitMailing ListThird Party Advisory

https://github.com/madler/zlib/compare/v1.2.11...v1.2.12

PatchThird Party Advisory

https://www.openwall.com/lists/oss-security/2022/03/28/3

Mailing ListThird Party Advisory

https://github.com/madler/zlib/issues/605

Issue TrackingPatchThird Party Advisory

DSA-5111

PatchThird Party Advisory

[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update

Mailing ListThird Party Advisory

FEDORA-2022-413a80a102

Mailing ListThird Party Advisory

FEDORA-2022-dbd2935e44

Mailing ListThird Party Advisory

FEDORA-2022-12b89e2aad

Mailing ListThird Party Advisory

[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update

Mailing ListThird Party Advisory

https://support.apple.com/kb/HT213255

Third Party Advisory

https://support.apple.com/kb/HT213256

Third Party Advisory

https://support.apple.com/kb/HT213257

Third Party Advisory

20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina

Mailing ListThird Party Advisory

20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6

Mailing ListThird Party Advisory

20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220526-0009/

Third Party Advisory

FEDORA-2022-61cf1c64f6

Issue TrackingThird Party Advisory

N/A

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220729-0004/

Third Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

HIGH

BaseScore

7.5

BaseSeverity

HIGH

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

5

Created by Yello
About Severity.io