Updated: 2026-02-27 02:40:05.334866
Description:
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | CRITICAL | 9.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | zlib | 1.2.11 | 9.8 | CRITICAL | Already Fixed | 2023-11-08 08:35:45 | ||
| CentOS 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2022:1660762053 | 2022-08-29 14:02:38 | |
| CentOS 6 ELS | rsync | 3.0.6 | 9.8 | CRITICAL | Released | CLSA-2022:1661442999 | 2022-09-07 11:02:34 | |
| CentOS 7 ELS | rsync | 3.1.2 | 9.8 | CRITICAL | Released | CLSA-2023:1699380056 | 2023-11-07 13:07:46 | |
| CentOS 7 ELS | zlib | 1.2.7 | 9.8 | CRITICAL | Already Fixed | 2023-09-19 09:30:10 | ||
| CentOS 8.4 ELS | rsync | 3.1.3 | 9.8 | CRITICAL | Released | CLSA-2022:1661443990 | 2022-08-25 14:02:14 | |
| CentOS 8.4 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2022:1660757579 | 2022-08-17 14:02:32 | |
| CentOS 8.5 ELS | rsync | 3.1.3 | 9.8 | CRITICAL | Released | CLSA-2022:1661443683 | 2022-08-25 14:02:15 | |
| CentOS 8.5 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2022:1660758906 | 2022-08-17 14:02:33 | |
| CloudLinux 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2022:1660820285 | 2022-08-29 11:02:38 |