Updated: 2026-02-27 03:07:43.051527
Description:
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5.0 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | zlib | 1.2.11 | 7.5 | HIGH | Already Fixed | 2025-09-05 13:40:05 | ||
| AlmaLinux 9.2 ESU | rsync | 3.2.3 | 7.5 | HIGH | Already Fixed | 2025-09-05 13:40:01 | ||
| Alpine Linux 3.18 ELS | zlib | 1.2.13 | 7.5 | HIGH | Already Fixed | 2025-12-05 22:18:49 | ||
| Alpine Linux 3.18 ELS | rsync | 3.4.0 | 7.5 | HIGH | Not Vulnerable | 2025-12-29 18:13:45 | ||
| CentOS 6 ELS | python | 2.6.6 | 7.5 | HIGH | Not Vulnerable | 2022-08-17 11:02:28 | Not affected: CVE-2018-25032 is a flaw in the zlib library (versions prior to 1.2.12) during deflate... | |
| CentOS 6 ELS | zlib | 1.2.3 | 7.5 | HIGH | Released | CLSA-2022:1652706231 | 2022-05-26 16:03:29 | Not affected: CVE-2018-25032 is a flaw in the zlib library (versions prior to 1.2.12) during deflate... |
| CentOS 6 ELS | minizip | 1.2.3 | 7.5 | HIGH | Already Fixed | 2026-01-09 01:31:18 | Not affected: CVE-2018-25032 is a flaw in the zlib library (versions prior to 1.2.12) during deflate... | |
| CentOS 6 ELS | rsync | 3.0.6 | 7.5 | HIGH | Released | CLSA-2022:1653004535 | 2022-05-26 16:03:22 | Not affected: CVE-2018-25032 is a flaw in the zlib library (versions prior to 1.2.12) during deflate... |
| CentOS 7 ELS | rsync | 3.1.2 | 7.5 | HIGH | Released | CLSA-2023:1699380056 | 2023-11-07 13:07:45 | |
| CentOS 7 ELS | python | 2.7.5 | 7.5 | HIGH | Not Vulnerable | 2023-10-30 09:34:04 |