CVE-2022-37434
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-37434
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37434.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-37434
- Related
- Published
- 2022-08-05T07:15:07Z
- Modified
- 2024-09-18T03:21:26.416503Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
- References
-
- https://security.netapp.com/advisory/ntap-20220901-0005/
- https://security.netapp.com/advisory/ntap-20230427-0007/
- https://www.debian.org/security/2022/dsa-5218
- http://seclists.org/fulldisclosure/2022/Oct/37
- http://seclists.org/fulldisclosure/2022/Oct/38
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/42
- http://www.openwall.com/lists/oss-security/2022/08/05/2
- http://www.openwall.com/lists/oss-security/2022/08/09/1
- https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
- https://github.com/curl/curl/issues/9271
- https://github.com/ivd38/zlib_overflow
- https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
- https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
- https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
- https://support.apple.com/kb/HT213488
- https://support.apple.com/kb/HT213489
- https://support.apple.com/kb/HT213490
- https://support.apple.com/kb/HT213491
- https://support.apple.com/kb/HT213493
- https://support.apple.com/kb/HT213494
- https://security.alpinelinux.org/vuln/CVE-2022-37434
- https://security-tracker.debian.org/tracker/CVE-2022-37434
Affected packages
Alpine:v3.11 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Alpine:v3.12 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.12-r0
1.2.12-r1
Alpine:v3.13 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.12-r0
1.2.12-r1
Alpine:v3.14 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.12-r0
1.2.12-r1
Alpine:v3.15 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.12-r0
1.2.12-r1
Alpine:v3.16 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.11-r4
1.2.12-r0
1.2.12-r1
Alpine:v3.17 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.11-r4
1.2.12-r0
1.2.12-r1
Alpine:v3.18 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.11-r4
1.2.12-r0
1.2.12-r1
Alpine:v3.19 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.11-r4
1.2.12-r0
1.2.12-r1
Alpine:v3.20 / zlib
Package
- Name
- zlib
- Purl
- pkg:apk/alpine/zlib?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.12-r2
Affected versions
1.*
1.2.3.3-r2
1.2.3.3-r3
1.2.3.3-r4
1.2.3.3-r5
1.2.3.3-r6
1.2.3.3-r7
1.2.3.4-r0
1.2.3.4-r1
1.2.3.7-r0
1.2.3.7-r1
1.2.3.9-r0
1.2.4-r0
1.2.4-r1
1.2.5-r0
1.2.5-r1
1.2.5-r2
1.2.6-r0
1.2.7-r0
1.2.7-r1
1.2.8-r0
1.2.8-r1
1.2.8-r2
1.2.10-r0
1.2.11-r0
1.2.11-r1
1.2.11-r2
1.2.11-r3
1.2.11-r4
1.2.12-r0
1.2.12-r1
Debian:11 / libz-mingw-w64
Package
- Name
- libz-mingw-w64
- Purl
- pkg:deb/debian/libz-mingw-w64?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:12 / libz-mingw-w64
Package
- Name
- libz-mingw-w64
- Purl
- pkg:deb/debian/libz-mingw-w64?arch=source
Debian:13 / libz-mingw-w64
Package
- Name
- libz-mingw-w64
- Purl
- pkg:deb/debian/libz-mingw-w64?arch=source
Debian:11 / zlib
Package
- Name
- zlib
- Purl
- pkg:deb/debian/zlib?arch=source
Debian:12 / zlib
Package
- Name
- zlib
- Purl
- pkg:deb/debian/zlib?arch=source
Debian:13 / zlib
Package
- Name
- zlib
- Purl
- pkg:deb/debian/zlib?arch=source
Git / github.com/madler/zlib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/madler/zlib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.71
v0.79
v0.8
v0.9
v0.91
v0.92
v0.93
v0.94
v0.95
v0.99
v1.*
v1.0-pre
v1.0.1
v1.0.2
v1.0.4
v1.0.5
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2.0
v1.2.0.1
v1.2.0.2
v1.2.0.3
v1.2.0.4
v1.2.0.5
v1.2.0.6
v1.2.0.7
v1.2.0.8
v1.2.1
v1.2.1.1
v1.2.1.2
v1.2.10
v1.2.11
v1.2.12
v1.2.2
v1.2.2.1
v1.2.2.2
v1.2.2.3
v1.2.2.4
v1.2.3
v1.2.3.1
v1.2.3.2
v1.2.3.3
v1.2.3.4
v1.2.3.5
v1.2.3.6
v1.2.3.7
v1.2.3.8
v1.2.3.9
v1.2.4
v1.2.4-pre1
v1.2.4-pre2
v1.2.4.1
v1.2.4.2
v1.2.4.3
v1.2.4.4
v1.2.4.5
v1.2.5
v1.2.5.1
v1.2.5.2
v1.2.5.3
v1.2.6
v1.2.6.1
v1.2.7
v1.2.7.1
v1.2.7.2
v1.2.7.3
v1.2.8
v1.2.9