Updated: 2024-05-15 05:31:11.681085
Description:
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | CRITICAL | 9.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | zlib | 1.2.11 | 9.8 | CRITICAL | Already Fixed | | 2023-11-08 08:35:45 |
CentOS 6 ELS | rsync | 3.0.6 | 9.8 | CRITICAL | Released | CLSA-2022:1661442999 | 2022-09-07 11:02:34 |
CentOS 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2022:1660762053 | 2022-08-29 14:02:38 |
CentOS 7 ELS | rsync | 3.1.2 | 9.8 | CRITICAL | Released | CLSA-2023:1699380056 | 2023-11-07 13:07:46 |
CentOS 7 ELS | zlib | 1.2.7 | 9.8 | CRITICAL | Already Fixed | | 2023-09-19 09:30:10 |
CentOS 8.4 ELS | rsync | 3.1.3 | 9.8 | CRITICAL | Released | CLSA-2022:1661443990 | 2022-08-25 14:02:14 |
CentOS 8.4 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2022:1660757579 | 2022-08-17 14:02:32 |
CentOS 8.5 ELS | rsync | 3.1.3 | 9.8 | CRITICAL | Released | CLSA-2022:1661443683 | 2022-08-25 14:02:15 |
CentOS 8.5 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2022:1660758906 | 2022-08-17 14:02:33 |
CloudLinux 6 ELS | rsync | 3.0.6 | 9.8 | CRITICAL | Released | CLSA-2022:1661442662 | 2022-09-07 11:02:33 |