7.5

CVE-2018-25032

Exploit

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NokogiriNokogiri SwPlatformruby Version < 1.13.4
PythonPython Version >= 3.7.0 < 3.7.14
   MicrosoftWindows Version-
PythonPython Version >= 3.8.0 < 3.8.14
   MicrosoftWindows Version-
PythonPython Version >= 3.9.0 < 3.9.13
   MicrosoftWindows Version-
PythonPython Version >= 3.10.0 < 3.10.5
   MicrosoftWindows Version-
ZlibZlib Version >= 1.2.2.2 < 1.2.12
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
FedoraprojectFedora Version34
FedoraprojectFedora Version35
FedoraprojectFedora Version36
ApplemacOS X Version >= 10.15 < 10.15.7
ApplemacOS X Version10.15.7 Update-
ApplemacOS X Version10.15.7 Updatesecurity_update_2020
ApplemacOS X Version10.15.7 Updatesecurity_update_2020-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2020-005
ApplemacOS X Version10.15.7 Updatesecurity_update_2020-007
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-002
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-003
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-006
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-007
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-008
ApplemacOS X Version10.15.7 Updatesecurity_update_2022-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2022-002
ApplemacOS X Version10.15.7 Updatesecurity_update_2022-003
ApplemacOS Version >= 11.0 < 11.6.6
ApplemacOS Version >= 12.0.0 < 12.4
MariadbMariadb Version >= 10.3.0 < 10.3.36
MariadbMariadb Version >= 10.4.0 < 10.4.26
MariadbMariadb Version >= 10.5.0 < 10.5.17
MariadbMariadb Version >= 10.6.0 < 10.6.9
MariadbMariadb Version >= 10.7.0 < 10.7.5
MariadbMariadb Version >= 10.8.0 < 10.8.4
MariadbMariadb Version >= 10.9.0 < 10.9.2
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappE-series Santricity Os Controller Version >= 11.0.0 <= 11.70.2
NetappHci Compute Node Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
SiemensScalance Sc622-2c Firmware Version < 3.0
   SiemensScalance Sc622-2c Version-
SiemensScalance Sc626-2c Firmware Version < 3.0
   SiemensScalance Sc626-2c Version-
SiemensScalance Sc632-2c Firmware Version < 3.0
   SiemensScalance Sc632-2c Version-
SiemensScalance Sc636-2c Firmware Version < 3.0
   SiemensScalance Sc636-2c Version-
SiemensScalance Sc642-2c Firmware Version < 3.0
   SiemensScalance Sc642-2c Version-
SiemensScalance Sc646-2c Firmware Version < 3.0
   SiemensScalance Sc646-2c Version-
AzulZulu Version6.45
AzulZulu Version7.52
AzulZulu Version8.60
AzulZulu Version11.54
AzulZulu Version13.46
AzulZulu Version15.38
AzulZulu Version17.32
GotoGotoassist Version < 11.9.18
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.264
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2022/May/35
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/May/33
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/May/38
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/03/26/1
Third Party Advisory
Exploit
Mailing List
https://github.com/madler/zlib/issues/605
Patch
Third Party Advisory
Issue Tracking
https://www.openwall.com/lists/oss-security/2022/03/28/1
Third Party Advisory
Exploit
Mailing List