CVE - CVE-2022-37434

CVE-ID
CVE-2022-37434	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20230427-0007/ MISC:20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1 URL:http://seclists.org/fulldisclosure/2022/Oct/37 MISC:20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16 URL:http://seclists.org/fulldisclosure/2022/Oct/38 MISC:20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 URL:http://seclists.org/fulldisclosure/2022/Oct/41 MISC:20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 URL:http://seclists.org/fulldisclosure/2022/Oct/42 MISC:DSA-5218 URL:https://www.debian.org/security/2022/dsa-5218 MISC:FEDORA-2022-0b517a5397 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ MISC:FEDORA-2022-15da0cf165 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ MISC:FEDORA-2022-25e4dbedf9 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ MISC:FEDORA-2022-3c28ae0cd8 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ MISC:FEDORA-2022-b8232d1cca URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ MISC:[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html MISC:[oss-security] 20220805 zlib buffer overflow URL:http://www.openwall.com/lists/oss-security/2022/08/05/2 MISC:[oss-security] 20220808 Re: zlib buffer overflow URL:http://www.openwall.com/lists/oss-security/2022/08/09/1 MISC:https://github.com/curl/curl/issues/9271 URL:https://github.com/curl/curl/issues/9271 MISC:https://github.com/ivd38/zlib_overflow URL:https://github.com/ivd38/zlib_overflow MISC:https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 URL:https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 MISC:https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 URL:https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 MISC:https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 URL:https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 MISC:https://security.netapp.com/advisory/ntap-20220901-0005/ URL:https://security.netapp.com/advisory/ntap-20220901-0005/ MISC:https://support.apple.com/kb/HT213488 URL:https://support.apple.com/kb/HT213488 MISC:https://support.apple.com/kb/HT213489 URL:https://support.apple.com/kb/HT213489 MISC:https://support.apple.com/kb/HT213490 URL:https://support.apple.com/kb/HT213490 MISC:https://support.apple.com/kb/HT213491 URL:https://support.apple.com/kb/HT213491 MISC:https://support.apple.com/kb/HT213493 URL:https://support.apple.com/kb/HT213493 MISC:https://support.apple.com/kb/HT213494 URL:https://support.apple.com/kb/HT213494
Assigning CNA
MITRE Corporation
Date Record Created
20220805	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20220805)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)