zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
History
19 Jul 2023, 00:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ - Mailing List, Third Party Advisory | |
References | (MISC) http://seclists.org/fulldisclosure/2022/Oct/38 - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ - Mailing List, Third Party Advisory | |
References | (MISC) http://seclists.org/fulldisclosure/2022/Oct/37 - Mailing List, Third Party Advisory | |
References | (MISC) http://seclists.org/fulldisclosure/2022/Oct/42 - Mailing List, Third Party Advisory | |
References | (MISC) https://security.netapp.com/advisory/ntap-20230427-0007/ - Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* |
27 Apr 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* | |
References | | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213494 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213489 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213491 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213493 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213490 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213488 - Third Party Advisory |
30 Oct 2022, 23:16
Type | Values Removed | Values Added |
---|---|---|
References | | |
27 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
27 Oct 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
27 Oct 2022, 12:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0005/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5218 - Third Party Advisory |
16 Sep 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
02 Sep 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
26 Aug 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
18 Aug 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
11 Aug 2022, 18:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/curl/curl/issues/9271 - Exploit, Issue Tracking, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/08/09/1 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://github.com/ivd38/zlib_overflow - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 - Exploit, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/08/05/2 - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 - Patch, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 9.8 |
CWE | CWE-787 |
09 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
08 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
06 Aug 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 Aug 2022, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-05 07:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-37434
Mitre link : CVE-2022-37434
CVE.ORG link : CVE-2022-37434
Products Affected
netapp
- h500s
- h300s
- h300s_firmware
- h700s_firmware
- hci
- management_services_for_element_software
- active_iq_unified_manager
- hci_compute_node
- h700s
- oncommand_workflow_automation
- ontap_select_deploy_administration_utility
- h500s_firmware
- storagegrid
stormshield
- stormshield_network_security
debian
- debian_linux
zlib
- zlib
apple
- watchos
- iphone_os
- ipados
- macos
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write