CVE-2022-37434
05.08.2022, 07:15
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).Enginsight
| Vendor | Product | Version |
|---|---|---|
| zlib | zlib | 𝑥 ≤ 1.2.12 |
| debian | debian_linux | 10.0 |
| netapp | active_iq_unified_manager | - |
| netapp | active_iq_unified_manager | - |
| netapp | hci | - |
| netapp | management_services_for_element_software | - |
| netapp | oncommand_workflow_automation | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | storagegrid | - |
| netapp | hci_compute_node | - |
| netapp | h300s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h700s_firmware | - |
| apple | ipados | 𝑥 < 15.7.1 |
| apple | iphone_os | 𝑥 < 15.7.1 |
| apple | iphone_os | 16.0 ≤ 𝑥 < 16.1 |
| apple | macos | 11.0 ≤ 𝑥 < 11.7.1 |
| apple | macos | 12.0.0 ≤ 𝑥 < 12.6.1 |
| apple | watchos | 𝑥 < 9.1 |
| stormshield | stormshield_network_security | 3.7.31 ≤ 𝑥 < 3.7.34 |
| stormshield | stormshield_network_security | 3.11.0 ≤ 𝑥 < 3.11.22 |
| stormshield | stormshield_network_security | 4.3.0 ≤ 𝑥 < 4.3.16 |
| stormshield | stormshield_network_security | 4.6.0 ≤ 𝑥 < 4.6.3 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libz-mingw-w64 |
| ||||||||||||
| zlib |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| klibc |
| ||||||||||||||||
| rsync |
| ||||||||||||||||
| zlib |
|
Common Weakness Enumeration
References