CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Published: Aug 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-37434
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
zlib / zlib	-	1.2.12.x
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x
fedoraproject / fedora	37	37.x
debian / debian_linux	10.0	10.0.x
apple / macos	11.0	11.7.1
apple / iphone_os	16.0	16.1
apple / watchos	-	9.1
apple / macos	12.0.0	12.6.1
apple / iphone_os	-	15.7.1
apple / ipados	-	15.7.1
stormshield / stormshield_network_security	4.6.0	4.6.3
stormshield / stormshield_network_security	4.3.0	4.3.16
stormshield / stormshield_network_security	3.11.0	3.11.22
stormshield / stormshield_network_security	3.7.31	3.7.34

Vulnerability Database

289,599

CVE-2022-37434