CVE-2018-25032 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2018-25032

CVE-2018-25032

March 25, 2022

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Affected Packages

zlib (CONAN):

Affected version(s) =1.2.11 <1.2.12

Fix Suggestion:

Update to version 1.2.12

nokogiri (RUBY):

Affected version(s)

Fix Suggestion:

Update to version 1.13.4

Related Resources (42)

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/

https://www.oracle.com/security-alerts/cpujul2022.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB

https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html

https://security.netapp.com/advisory/ntap-20220729-0004

https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf

http://www.openwall.com/lists/oss-security/2022/03/25/2

https://security.netapp.com/advisory/ntap-20220526-0009/

https://support.apple.com/kb/HT213257

https://nvd.nist.gov/vuln/detail/CVE-2018-25032

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF

https://support.apple.com/kb/HT213255

https://github.com/madler/zlib/compare/v1.2.11...v1.2.12

https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/

https://www.debian.org/security/2022/dsa-5111

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F

https://github.com/madler/zlib/issues/605

https://www.openwall.com/lists/oss-security/2022/03/28/1

https://www.openwall.com/lists/oss-security/2022/03/28/3

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

https://www.openwall.com/lists/oss-security/2022/03/24/1

https://security.gentoo.org/glsa/202210-42

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4

https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml

http://www.openwall.com/lists/oss-security/2022/03/26/1

https://support.apple.com/kb/HT213256

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/

http://seclists.org/fulldisclosure/2022/May/35

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/

http://seclists.org/fulldisclosure/2022/May/38

https://bugs.python.org/issue47194

http://seclists.org/fulldisclosure/2022/May/33

https://security.netapp.com/advisory/ntap-20220729-0004/

https://security.netapp.com/advisory/ntap-20220526-0009

https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU

https://access.redhat.com/security/cve/CVE-2018-25032

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

CVSS v2

Base Score:

5.0

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

EPSS

Base Score:

0.1

Products

Solutions

Resources

Company

Compare

Developer Tools