CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
References
Link Resource
https://www.openwall.com/lists/oss-security/2022/03/24/1 Mailing List Third Party Advisory
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/03/25/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/03/26/1 Exploit Mailing List Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/03/28/1 Exploit Mailing List Third Party Advisory
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/03/28/3 Mailing List Third Party Advisory
https://github.com/madler/zlib/issues/605 Issue Tracking Patch Third Party Advisory
https://www.debian.org/security/2022/dsa-5111 Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html Third Party Advisory
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
https://security.netapp.com/advisory/ntap-20220526-0009/
Configurations

Configuration 1 (hide)

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

History

26 May 2022, 08:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220526-0009/ -

17 May 2022, 07:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/33 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/35 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/38 -

16 May 2022, 20:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT213256 -
  • (CONFIRM) https://support.apple.com/kb/HT213257 -
  • (CONFIRM) https://support.apple.com/kb/HT213255 -

12 May 2022, 20:04

Type Values Removed Values Added
First Time Fedoraproject
Debian debian Linux
Debian
Fedoraproject fedora
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5111 - (DEBIAN) https://www.debian.org/security/2022/dsa-5111 - Patch, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ - Mailing List, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ - Third Party Advisory

07 May 2022, 16:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html -

07 May 2022, 08:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ -

29 Apr 2022, 09:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ -

18 Apr 2022, 19:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ -

02 Apr 2022, 23:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html -

01 Apr 2022, 20:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5111 -

30 Mar 2022, 18:50

Type Values Removed Values Added
First Time Zlib
Zlib zlib
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-787
References (MISC) https://www.openwall.com/lists/oss-security/2022/03/24/1 - (MISC) https://www.openwall.com/lists/oss-security/2022/03/24/1 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/03/26/1 - (MLIST) http://www.openwall.com/lists/oss-security/2022/03/26/1 - Exploit, Mailing List, Third Party Advisory
References (MISC) https://www.openwall.com/lists/oss-security/2022/03/28/1 - (MISC) https://www.openwall.com/lists/oss-security/2022/03/28/1 - Exploit, Mailing List, Third Party Advisory
References (MISC) https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 - (MISC) https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 - (CONFIRM) https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 - Patch, Third Party Advisory
References (MISC) https://github.com/madler/zlib/issues/605 - (MISC) https://github.com/madler/zlib/issues/605 - Issue Tracking, Patch, Third Party Advisory
References (MISC) https://www.openwall.com/lists/oss-security/2022/03/28/3 - (MISC) https://www.openwall.com/lists/oss-security/2022/03/28/3 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/03/25/2 - (MLIST) http://www.openwall.com/lists/oss-security/2022/03/25/2 - Mailing List, Third Party Advisory
CPE cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

30 Mar 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/madler/zlib/issues/605 -

29 Mar 2022, 15:15

Type Values Removed Values Added
References
  • (MISC) https://www.openwall.com/lists/oss-security/2022/03/28/1 -
  • (CONFIRM) https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 -
  • (MISC) https://www.openwall.com/lists/oss-security/2022/03/28/3 -
Summary zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

26 Mar 2022, 21:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/03/26/1 -

25 Mar 2022, 18:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/03/25/2 -

25 Mar 2022, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-25 09:15

Updated : 2022-05-26 08:15


NVD link : CVE-2018-25032

Mitre link : CVE-2018-25032


JSON object : View

Products Affected

debian

  • debian_linux

fedoraproject

  • fedora

zlib

  • zlib
CWE
CWE-787

Out-of-bounds Write