CVE-2022-37434

Updated: 2024-05-15 05:31:11.681085

Description:

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | zlib | 1.2.11 | 9.8 | CRITICAL | Already Fixed | | 2023-11-08 08:35:45 |
| CentOS 6 ELS | rsync | 3.0.6 | 9.8 | CRITICAL | Released | CLSA-2022:1661442999 | 2022-09-07 11:02:34 |
| CentOS 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2022:1660762053 | 2022-08-29 14:02:38 |
| CentOS 7 ELS | rsync | 3.1.2 | 9.8 | CRITICAL | Released | CLSA-2023:1699380056 | 2023-11-07 13:07:46 |
| CentOS 7 ELS | zlib | 1.2.7 | 9.8 | CRITICAL | Already Fixed | | 2023-09-19 09:30:10 |
| CentOS 8.4 ELS | rsync | 3.1.3 | 9.8 | CRITICAL | Released | CLSA-2022:1661443990 | 2022-08-25 14:02:14 |
| CentOS 8.4 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2022:1660757579 | 2022-08-17 14:02:32 |
| CentOS 8.5 ELS | rsync | 3.1.3 | 9.8 | CRITICAL | Released | CLSA-2022:1661443683 | 2022-08-25 14:02:15 |
| CentOS 8.5 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2022:1660758906 | 2022-08-17 14:02:33 |
| CloudLinux 6 ELS | rsync | 3.0.6 | 9.8 | CRITICAL | Released | CLSA-2022:1661442662 | 2022-09-07 11:02:33 |
Total: 17