9.8

CVE-2022-37434

Exploit
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZlibZlib Version <= 1.2.12
FedoraprojectFedora Version35
FedoraprojectFedora Version36
FedoraprojectFedora Version37
DebianDebian Linux Version10.0
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappActive Iq Unified Manager Version- SwPlatformwindows
NetappHci Version-
NetappStoragegrid Version-
NetappHci Compute Node Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
AppleiPadOS Version < 15.7.1
AppleiPhone OS Version < 15.7.1
AppleiPhone OS Version >= 16.0 < 16.1
ApplemacOS Version >= 11.0 < 11.7.1
ApplemacOS Version >= 12.0.0 < 12.6.1
ApplewatchOS Version < 9.1
StormshieldStormshield Network Security Version >= 3.7.31 < 3.7.34
StormshieldStormshield Network Security Version >= 3.11.0 < 3.11.22
StormshieldStormshield Network Security Version >= 4.3.0 < 4.3.16
StormshieldStormshield Network Security Version >= 4.6.0 < 4.6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.93% 0.965
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2022/Oct/41
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT213488
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/42
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT213493
Third Party Advisory
https://support.apple.com/kb/HT213494
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Oct/37
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Oct/38
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/08/05/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/08/09/1
Patch
Third Party Advisory
Mailing List
https://github.com/curl/curl/issues/9271
Third Party Advisory
Exploit
Issue Tracking
https://github.com/ivd38/zlib_overflow
Third Party Advisory
Exploit
https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
Third Party Advisory
Exploit
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
Patch
Third Party Advisory
https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
Third Party Advisory
Exploit
https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20220901-0005/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230427-0007/
Third Party Advisory
https://support.apple.com/kb/HT213489
Third Party Advisory
https://support.apple.com/kb/HT213490
Third Party Advisory
https://support.apple.com/kb/HT213491
Third Party Advisory
https://www.debian.org/security/2022/dsa-5218
Third Party Advisory
https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d