CVE-2018-25032
Summary
| CVE | CVE-2018-25032 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-25 09:15:00 UTC |
| Updated | 2023-11-07 02:56:00 UTC |
| Description | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Macos | All | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | - | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2020 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2020-001 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2020-005 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2020-007 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-001 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-002 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-003 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-006 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-007 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-008 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2022-001 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2022-002 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2022-003 | All | All |
| Application | Azul | Zulu | 11.54 | All | All | All |
| Application | Azul | Zulu | 13.46 | All | All | All |
| Application | Azul | Zulu | 15.38 | All | All | All |
| Application | Azul | Zulu | 17.32 | All | All | All |
| Application | Azul | Zulu | 6.45 | All | All | All |
| Application | Azul | Zulu | 7.52 | All | All | All |
| Application | Azul | Zulu | 8.60 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Application | Goto | Gotoassist | All | All | All | All |
| Application | Mariadb | Mariadb | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | E-series Santricity Os Controller | All | All | All | All |
| Hardware | Netapp | H300s | - | All | All | All |
| Operating System | Netapp | H300s Firmware | - | All | All | All |
| Hardware | Netapp | H410c | - | All | All | All |
| Operating System | Netapp | H410c Firmware | - | All | All | All |
| Hardware | Netapp | H410s | - | All | All | All |
| Operating System | Netapp | H410s Firmware | - | All | All | All |
| Hardware | Netapp | H500s | - | All | All | All |
| Operating System | Netapp | H500s Firmware | - | All | All | All |
| Hardware | Netapp | H700s | - | All | All | All |
| Operating System | Netapp | H700s Firmware | - | All | All | All |
| Hardware | Netapp | Hci Compute Node | - | All | All | All |
| Application | Netapp | Management Services For Element Software | - | All | All | All |
| Application | Netapp | Oncommand Insight | - | All | All | All |
| Application | Netapp | Oncommand Workflow Automation | - | All | All | All |
| Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
| Application | Netapp | Snapcenter | - | All | All | All |
| Application | Python | Python | All | All | All | All |
| Hardware | Siemens | Scalance Sc622-2c | - | All | All | All |
| Operating System | Siemens | Scalance Sc622-2c Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Sc626-2c | - | All | All | All |
| Operating System | Siemens | Scalance Sc626-2c Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Sc632-2c | - | All | All | All |
| Operating System | Siemens | Scalance Sc632-2c Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Sc636-2c | - | All | All | All |
| Operating System | Siemens | Scalance Sc636-2c Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Sc642-2c | - | All | All | All |
| Operating System | Siemens | Scalance Sc642-2c Firmware | All | All | All | All |
| Hardware | Siemens | Scalance Sc646-2c | - | All | All | All |
| Operating System | Siemens | Scalance Sc646-2c Firmware | All | All | All | All |
| Application | Zlib | Zlib | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 2993-1] libz-mingw-w64 security update | MLIST | lists.debian.org | |
| oss-security - Re: Re: zlib memory corruption on deflate (i.e. compress) | MISC | www.openwall.com | |
| July 2022 MySQL Server Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 36 Update: zlib-1.2.11-32.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: zlib-1.2.11-31.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| About the security content of macOS Big Sur 11.6.6 - Apple Support | CONFIRM | support.apple.com | |
| [SECURITY] [DLA 2968-1] zlib security update | MLIST | lists.debian.org | |
| Full Disclosure: APPLE-SA-2022-05-16-2 macOS Monterey 12.4 | FULLDISC | seclists.org | |
| About the security content of macOS Monterey 12.4 - Apple Support | CONFIRM | support.apple.com | |
| [SECURITY] Fedora 35 Update: rsync-3.2.3-9.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5111-1 zlib | DEBIAN | www.debian.org | |
| CVE-2018-25032 (zlib memory corruption on deflate) · Issue #605 · madler/zlib · GitHub | MISC | github.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf | CONFIRM | cert-portal.siemens.com | |
| [SECURITY] Fedora 36 Update: uboot-tools-2022.04-2.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| About the security content of Security Update 2022-004 Catalina - Apple Support | CONFIRM | support.apple.com | |
| oss-security - Re: zlib memory corruption on deflate (i.e. compress) | MISC | www.openwall.com | |
| [SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| oss-security - Re: zlib memory corruption on deflate (i.e. compress) | MLIST | www.openwall.com | |
| Fix a bug that can crash deflate on some input when using Z_FIXED. · madler/zlib@5c44459 · GitHub | MISC | github.com | |
| zlib: Multiple vulnerabilities (GLSA 202210-42) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 35 Update: zlib-1.2.11-31.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Full Disclosure: APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 | FULLDISC | seclists.org | |
| [SECURITY] Fedora 35 Update: rsync-3.2.3-9.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] [DLA 3114-1] mariadb-10.3 security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 36 Update: uboot-tools-2022.04-2.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| oss-security - zlib memory corruption on deflate (i.e. compress) | MISC | www.openwall.com | |
| [SECURITY] Fedora 34 Update: rsync-3.2.3-6.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE-2018-25032 Zlib Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 36 Update: zlib-1.2.11-32.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Full Disclosure: APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina | FULLDISC | seclists.org | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| [SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| oss-security - Re: zlib memory corruption on deflate (i.e. compress) | MLIST | www.openwall.com | |
| Comparing v1.2.11...v1.2.12 · madler/zlib · GitHub | CONFIRM | github.com | |
| [SECURITY] Fedora 34 Update: rsync-3.2.3-6.fc34 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159770 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-1642)
- 159790 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-2213)
- 159843 Oracle Enterprise Linux Security Update for rsync (ELSA-2022-2201)
- 159928 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-4584)
- 159936 Oracle Enterprise Linux Security Update for rsync (ELSA-2022-4592)
- 159971 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-9565)
- 160262 Oracle Enterprise Linux Security Update for mingw-zlib (ELSA-2022-8420)
- 179168 Debian Security Update for zlib (DSA 5111-1)
- 179169 Debian Security Update for zlib (DLA 2968-1)
- 179271 Debian Security Update for libz-mingw-w64 (DLA 2993-1)
- 181097 Debian Security Update for mariadb-10.3 (DLA 3114-1)
- 198720 Ubuntu Security Notification for zlib Vulnerability (USN-5355-1)
- 198725 Ubuntu Security Notification for rsync Vulnerability (USN-5359-1)
- 199043 Ubuntu Security Notification for MariaDB Vulnerabilities (USN-5739-1)
- 20266 Oracle MySQL July 2022 Critical Patch Update (CPUJUL2022)
- 20317 Oracle Database 21c Critical Patch Update - January 2023
- 20318 Oracle Database 19c Critical Patch Update - January 2023
- 20319 Oracle Database 19c Critical OJVM Patch Update - January 2023
- 20389 IBM DB2 Multiple Vulnerabilities (7087162)
- 240242 Red Hat Update for zlib (RHSA-2022:1642)
- 240253 Red Hat Update for zlib (RHSA-2022:1661)
- 240327 Red Hat Update for zlib (RHSA-2022:2213)
- 240328 Red Hat Update for rsync (RHSA-2022:2198)
- 240331 Red Hat Update for rsync (RHSA-2022:2192)
- 240333 Red Hat Update for rsync (RHSA-2022:2201)
- 240342 Red Hat Update for rsync (RHSA-2022:4592)
- 240358 Red Hat Update for zlib (RHSA-2022:4584)
- 240391 Red Hat Update for zlib (RHSA-2022:4845)
- 241617 Red Hat Update for zlib (RHSA-2023:0943)
- 257170 CentOS Security Update for zlib (CESA-2022:2213)
- 282591 Fedora Security Update for rsync (FEDORA-2022-413a80a102)
- 282635 Fedora Security Update for rsync (FEDORA-2022-dbd2935e44)
- 282872 Fedora Security Update for uboot (FEDORA-2022-61cf1c64f6)
- 283036 Fedora Security Update for zlib (FEDORA-2022-3a92250fd5)
- 283069 Fedora Security Update for zlib (FEDORA-2022-b58a85e167)
- 296064 Oracle Solaris 11.4 Support Repository Update (SRU) 46.119.2 Missing (CPUAPR2022)
- 330131 IBM AIX Denial of Service (DoS) due to zlib and zlibNX (zlib_advisory)
- 353206 Amazon Linux Security Advisory for zlib : ALAS2-2022-1772
- 353973 Amazon Linux Security Advisory for zlib : ALAS-2022-1602
- 354249 Amazon Linux Security Advisory for rsync : ALAS-2022-1640
- 354323 Amazon Linux Security Advisory for zlib : ALAS2022-2022-100
- 354390 Amazon Linux Security Advisory for rsync : ALAS2022-2022-158
- 354522 Amazon Linux Security Advisory for zlib : ALAS2022-2022-159
- 354637 Amazon Linux Security Advisory for zlib : AL2012-2022-369
- 355132 Amazon Linux Security Advisory for zlib : ALAS2023-2023-003
- 355190 Amazon Linux Security Advisory for rsync : ALAS2023-2023-002
- 376569 Azul Java Multiple Vulnerabilities Security Update April 2022
- 376607 Apple macOS Security Update 2022-004 Catalina (HT213255)
- 376608 Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)
- 376612 Apple macOS Monterey 12.4 Not Installed (HT213257)
- 376745 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) zlib Vulnerability (K21548854)
- 377129 Alibaba Cloud Linux Security Update for rsync (ALINUX3-SA-2022:0138)
- 377788 Alibaba Cloud Linux Security Update for mingw-zlib (ALINUX3-SA-2022:0182)
- 377911 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUJAN2023)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 390280 Oracle Managed Virtualization (VM) Server for x86 Security Update for zlib (OVMSA-2023-0011)
- 500831 Alpine Linux Security Update for zlib
- 502118 Alpine Linux Security Update for minizip
- 502245 Alpine Linux Security Update for zlib
- 502495 Alpine Linux Security Update for mariadb
- 502496 Alpine Linux Security Update for mariadb
- 504149 Alpine Linux Security Update for mariadb
- 504568 Alpine Linux Security Update for zlib
- 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 671695 EulerOS Security Update for zlib (EulerOS-SA-2022-1777)
- 671835 EulerOS Security Update for zlib (EulerOS-SA-2022-1920)
- 671847 EulerOS Security Update for rsync (EulerOS-SA-2022-1913)
- 671879 EulerOS Security Update for zlib (EulerOS-SA-2022-1956)
- 671928 EulerOS Security Update for zlib (EulerOS-SA-2022-2016)
- 671952 EulerOS Security Update for zlib (EulerOS-SA-2022-1986)
- 671966 EulerOS Security Update for zlib (EulerOS-SA-2022-2175)
- 671983 EulerOS Security Update for zlib (EulerOS-SA-2022-2150)
- 672276 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2691)
- 672283 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2659)
- 672339 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2771)
- 672376 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2723)
- 672379 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2758)
- 672381 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2736)
- 672438 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2841)
- 672469 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2816)
- 672530 EulerOS Security Update for binutils (EulerOS-SA-2023-1094)
- 672535 EulerOS Security Update for rsync (EulerOS-SA-2023-1135)
- 672548 EulerOS Security Update for binutils (EulerOS-SA-2023-1118)
- 672565 EulerOS Security Update for rsync (EulerOS-SA-2023-1111)
- 672622 EulerOS Security Update for rsync (EulerOS-SA-2023-1370)
- 672638 EulerOS Security Update for rsync (EulerOS-SA-2023-1398)
- 672666 EulerOS Security Update for binutils (EulerOS-SA-2023-1349)
- 672667 EulerOS Security Update for binutils (EulerOS-SA-2023-1377)
- 672673 EulerOS Security Update for rsync (EulerOS-SA-2023-1431)
- 672681 EulerOS Security Update for binutils (EulerOS-SA-2023-1420)
- 672685 EulerOS Security Update for binutils (EulerOS-SA-2023-1405)
- 672689 EulerOS Security Update for rsync (EulerOS-SA-2023-1416)
- 690834 Free Berkeley Software Distribution (FreeBSD) Security Update for Free Berkeley Software Distribution (FreeBSD) (38f2e3a0-b61e-11ec-9ebc-1c697aa5a594)
- 690902 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (8e150606-08c9-11ed-856e-d4c9ef517024)
- 690926 Free Berkeley Software Distribution (FreeBSD) Security Update for mariadb (36d10af7-248d-11ed-856e-d4c9ef517024)
- 710671 Gentoo Linux zlib Multiple Vulnerabilities (GLSA 202210-42)
- 730739 IBM Aspera Faspex Multiple Security Vulnerabilities (6952319)
- 751932 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1023-1)
- 751943 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1061-1)
- 751944 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1043-1)
- 751947 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1062-1)
- 751954 OpenSUSE Security Update for zlib (openSUSE-SU-2022:1061-1)
- 752275 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2022:2174-1)
- 752572 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:3225-1)
- 753129 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:14929-1)
- 900778 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9140)
- 901486 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9143-1)
- 902017 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9140-1)
- 903904 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10957)
- 903913 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961)
- 904178 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10957-1)
- 904801 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961-1)
- 906117 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961-2)
- 906807 Common Base Linux Mariner (CBL-Mariner) Security Update for grpc (26092-1)
- 906811 Common Base Linux Mariner (CBL-Mariner) Security Update for tcl (26118-1)
- 906827 Common Base Linux Mariner (CBL-Mariner) Security Update for boost (26086-1)
- 906829 Common Base Linux Mariner (CBL-Mariner) Security Update for erlang (26089-1)
- 906852 Common Base Linux Mariner (CBL-Mariner) Security Update for nmap (26156-1)
- 906853 Common Base Linux Mariner (CBL-Mariner) Security Update for tcl (26164-1)
- 906864 Common Base Linux Mariner (CBL-Mariner) Security Update for boost (26135-1)
- 906878 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (26116-1)
- 906879 Common Base Linux Mariner (CBL-Mariner) Security Update for ccache (26087-1)
- 906957 Common Base Linux Mariner (CBL-Mariner) Security Update for openjdk8 (26131-1)
- 940489 AlmaLinux Security Update for zlib (ALSA-2022:1642)
- 940578 AlmaLinux Security Update for rsync (ALSA-2022:2201)
- 940737 AlmaLinux Security Update for mingw-zlib (ALSA-2022:7813)
- 940842 AlmaLinux Security Update for mingw-zlib (ALSA-2022:8420)
- 960361 Rocky Linux Security Update for rsync (RLSA-2022:2201)
- 960412 Rocky Linux Security Update for zlib (RLSA-2022:1642)