Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Published

2022-03-25T09:15:08.187

Last Modified

2025-05-06T15:15:54.753

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nokogiri	nokogiri	< 1.13.4	Yes
Application	zlib	zlib	< 1.2.12	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Operating System	fedoraproject	fedora	34	Yes
Operating System	fedoraproject	fedora	35	Yes
Operating System	fedoraproject	fedora	36	Yes
Operating System	apple	mac_os_x	< 10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	macos	< 11.6.6	Yes
Operating System	apple	macos	< 12.4	Yes
Application	python	python	< 3.7.14	Yes
Application	python	python	< 3.8.14	Yes
Application	python	python	< 3.9.13	Yes
Application	python	python	< 3.10.5	Yes
Application	mariadb	mariadb	< 10.3.36	Yes
Application	mariadb	mariadb	< 10.4.26	Yes
Application	mariadb	mariadb	< 10.5.17	Yes
Application	mariadb	mariadb	< 10.6.9	Yes
Application	mariadb	mariadb	< 10.7.5	Yes
Application	mariadb	mariadb	< 10.8.4	Yes
Application	mariadb	mariadb	< 10.9.2	Yes
Application	netapp	active_iq_unified_manager	-	Yes
Application	netapp	e-series_santricity_os_controller	≤ 11.70.2	Yes
Application	netapp	management_services_for_element_software	-	Yes
Application	netapp	oncommand_workflow_automation	-	Yes
Application	netapp	ontap_select_deploy_administration_utility	-	Yes
Hardware	netapp	hci_compute_node	-	Yes
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Operating System	netapp	h410c_firmware	-	Yes
Hardware	netapp	h410c	-	No
Operating System	siemens	scalance_sc622-2c_firmware	< 3.0	Yes
Hardware	siemens	scalance_sc622-2c	-	No
Operating System	siemens	scalance_sc626-2c_firmware	< 3.0	Yes
Hardware	siemens	scalance_sc626-2c	-	No
Operating System	siemens	scalance_sc632-2c_firmware	< 3.0	Yes
Hardware	siemens	scalance_sc632-2c	-	No
Operating System	siemens	scalance_sc636-2c_firmware	< 3.0	Yes
Hardware	siemens	scalance_sc636-2c	-	No
Operating System	siemens	scalance_sc642-2c_firmware	< 3.0	Yes
Hardware	siemens	scalance_sc642-2c	-	No
Operating System	siemens	scalance_sc646-2c_firmware	< 3.0	Yes
Hardware	siemens	scalance_sc646-2c	-	No
Application	azul	zulu	6.45	Yes
Application	azul	zulu	7.52	Yes
Application	azul	zulu	8.60	Yes
Application	azul	zulu	11.54	Yes
Application	azul	zulu	13.46	Yes
Application	azul	zulu	15.38	Yes
Application	azul	zulu	17.32	Yes
Application	goto	gotoassist	< 11.9.18	Yes

References

http://seclists.org/fulldisclosure/2022/May/33 Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2022/May/35 Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2022/May/38 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/03/25/2 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/03/26/1 Exploit, Mailing List, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf Third Party Advisory ([email protected])
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 Patch, Third Party Advisory ([email protected])
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 Patch, Third Party Advisory ([email protected])
https://github.com/madler/zlib/issues/605 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/ Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/ Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/ Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202210-42 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20220526-0009/ Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20220729-0004/ Third Party Advisory ([email protected])
https://support.apple.com/kb/HT213255 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT213256 Third Party Advisory ([email protected])
https://support.apple.com/kb/HT213257 Third Party Advisory ([email protected])
https://www.debian.org/security/2022/dsa-5111 Patch, Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2022/03/24/1 Mailing List, Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2022/03/28/1 Exploit, Mailing List, Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2022/03/28/3 Mailing List, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2022/May/33 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2022/May/35 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2022/May/38 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/03/25/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2022/03/26/1 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/madler/zlib/issues/605 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-42 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220526-0009/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220729-0004/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213255 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213256 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213257 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5111 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/03/24/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/03/28/1 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/03/28/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)