CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
References
Link Resource
http://seclists.org/fulldisclosure/2022/Oct/37 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/38 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/42 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/08/05/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/08/09/1 Mailing List Patch Third Party Advisory
https://github.com/curl/curl/issues/9271 Exploit Issue Tracking Third Party Advisory
https://github.com/ivd38/zlib_overflow Exploit Third Party Advisory
https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 Exploit Third Party Advisory
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 Patch Third Party Advisory
https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220901-0005/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20230427-0007/ Third Party Advisory
https://support.apple.com/kb/HT213488 Third Party Advisory
https://support.apple.com/kb/HT213489 Third Party Advisory
https://support.apple.com/kb/HT213490 Third Party Advisory
https://support.apple.com/kb/HT213491 Third Party Advisory
https://support.apple.com/kb/HT213493 Third Party Advisory
https://support.apple.com/kb/HT213494 Third Party Advisory
https://www.debian.org/security/2022/dsa-5218 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Configuration 10 (hide)

OR cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*

History

19 Jul 2023, 00:56

Type Values Removed Values Added
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ - Mailing List, Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ - Mailing List, Third Party Advisory
References (MISC) http://seclists.org/fulldisclosure/2022/Oct/38 - (MISC) http://seclists.org/fulldisclosure/2022/Oct/38 - Mailing List, Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ - Mailing List, Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ - Mailing List, Third Party Advisory
References (MISC) http://seclists.org/fulldisclosure/2022/Oct/37 - (MISC) http://seclists.org/fulldisclosure/2022/Oct/37 - Mailing List, Third Party Advisory
References (MISC) http://seclists.org/fulldisclosure/2022/Oct/42 - (MISC) http://seclists.org/fulldisclosure/2022/Oct/42 - Mailing List, Third Party Advisory
References (MISC) https://security.netapp.com/advisory/ntap-20230427-0007/ - (MISC) https://security.netapp.com/advisory/ntap-20230427-0007/ - Third Party Advisory
References (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ - Mailing List, Third Party Advisory
CPE cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*

27 Apr 2023, 15:15

Type Values Removed Values Added
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/', 'name': 'FEDORA-2022-15da0cf165', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/', 'name': 'FEDORA-2022-25e4dbedf9', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/', 'name': 'FEDORA-2022-b8232d1cca', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/', 'name': 'FEDORA-2022-0b517a5397', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/', 'name': 'FEDORA-2022-3c28ae0cd8', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ -
  • (MISC) http://seclists.org/fulldisclosure/2022/Oct/38 -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ -
  • (MISC) http://seclists.org/fulldisclosure/2022/Oct/37 -
  • (MISC) http://seclists.org/fulldisclosure/2022/Oct/42 -
  • (MISC) https://security.netapp.com/advisory/ntap-20230427-0007/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ -
References (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 - (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213494 - (CONFIRM) https://support.apple.com/kb/HT213494 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213489 - (CONFIRM) https://support.apple.com/kb/HT213489 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213491 - (CONFIRM) https://support.apple.com/kb/HT213491 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213493 - (CONFIRM) https://support.apple.com/kb/HT213493 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213490 - (CONFIRM) https://support.apple.com/kb/HT213490 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213488 - (CONFIRM) https://support.apple.com/kb/HT213488 - Third Party Advisory

30 Oct 2022, 23:16

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/41 -

27 Oct 2022, 22:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT213494 -
  • (CONFIRM) https://support.apple.com/kb/HT213488 -
  • (CONFIRM) https://support.apple.com/kb/HT213489 -
  • (CONFIRM) https://support.apple.com/kb/HT213491 -
  • (CONFIRM) https://support.apple.com/kb/HT213493 -

27 Oct 2022, 20:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT213490 -

27 Oct 2022, 12:36

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0005/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0005/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5218 - (DEBIAN) https://www.debian.org/security/2022/dsa-5218 - Third Party Advisory

16 Sep 2022, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ -
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html -

02 Sep 2022, 12:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ -
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220901-0005/ -

26 Aug 2022, 04:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5218 -

18 Aug 2022, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ -

11 Aug 2022, 18:38

Type Values Removed Values Added
CPE cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*
References (MISC) https://github.com/curl/curl/issues/9271 - (MISC) https://github.com/curl/curl/issues/9271 - Exploit, Issue Tracking, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/08/09/1 - (MLIST) http://www.openwall.com/lists/oss-security/2022/08/09/1 - Mailing List, Patch, Third Party Advisory
References (MISC) https://github.com/ivd38/zlib_overflow - (MISC) https://github.com/ivd38/zlib_overflow - Exploit, Third Party Advisory
References (MISC) https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 - (MISC) https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 - Exploit, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/08/05/2 - (MLIST) http://www.openwall.com/lists/oss-security/2022/08/05/2 - Mailing List, Third Party Advisory
References (MISC) https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 - (MISC) https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 - Exploit, Third Party Advisory
References (MISC) https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 - (MISC) https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 - Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-787

09 Aug 2022, 03:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/08/09/1 -

08 Aug 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/curl/curl/issues/9271 -

06 Aug 2022, 03:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/08/05/2 -

05 Aug 2022, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-05 07:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-37434

Mitre link : CVE-2022-37434

CVE.ORG link : CVE-2022-37434


JSON object : View

Products Affected

netapp

  • h500s
  • h300s
  • h300s_firmware
  • h700s_firmware
  • hci
  • management_services_for_element_software
  • active_iq_unified_manager
  • hci_compute_node
  • h700s
  • oncommand_workflow_automation
  • ontap_select_deploy_administration_utility
  • h500s_firmware
  • storagegrid

stormshield

  • stormshield_network_security

debian

  • debian_linux

zlib

  • zlib

apple

  • watchos
  • iphone_os
  • ipados
  • macos

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write