You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate.
There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.
Vulnerable Library - zlibv1.2.11
A massively spiffy yet delicately unobtrusive compression library.
Library home page: https://github.com/madler/zlib.git
Found in HEAD commit: c44e79751a9606bd11bd1704dee2684af7e4570b
Vulnerable Source Files (1)
/vendor/zlib-1.2.11.1/inflate.c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-37434
Vulnerable Library - zlibv1.2.11
A massively spiffy yet delicately unobtrusive compression library.
Library home page: https://github.com/madler/zlib.git
Found in HEAD commit: c44e79751a9606bd11bd1704dee2684af7e4570b
Found in base branch: main
Vulnerable Source Files (1)
/vendor/zlib-1.2.11.1/inflate.c
Vulnerability Details
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Publish Date: 2022-08-05
URL: CVE-2022-37434
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.3%
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-08-05
Fix Resolution: v1.2.13
CVE-2018-25032
Vulnerable Libraries - zlibv1.2.11, zlibv1.2.11, zlibv1.2.11
Vulnerability Details
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Publish Date: 2022-03-25
URL: CVE-2018-25032
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.3%
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-03-25
Fix Resolution: v1.2.12
WS-2020-0368
Vulnerable Library - zlibv1.2.11
A massively spiffy yet delicately unobtrusive compression library.
Library home page: https://github.com/madler/zlib.git
Found in HEAD commit: c44e79751a9606bd11bd1704dee2684af7e4570b
Found in base branch: main
Vulnerable Source Files (1)
/vendor/zlib-1.2.11.1/inflate.c
Vulnerability Details
Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate.
There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.
Publish Date: 2020-02-22
URL: WS-2020-0368
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0368
Release Date: 2020-02-22
Fix Resolution: cmake-native - 3.15.5;binutils-cross-testsuite - 2.35;libstd-rs - 1.57.0;gdb - 11.1,9.2;tcl - 8.6.11;sudo - 1.8.32;binutils - 2.35,2.28;ccache - 3.3.3,4.1;libgit2 - 1.3.0;cmake - 3.19.5,3.7.0,3.7.2,3.22.0,3.17.3;cmake-native - 3.17.3,3.7.0,3.22.0,3.18.4;ghostscript - 9.55.0
The text was updated successfully, but these errors were encountered: