CVE-2018-25032

Summary

CVECVE-2018-25032
StatePUBLISHED
Assignermitre
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-03-25 09:15:08 UTC
Updated2026-07-14 12:16:46 UTC
Descriptionzlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Risk And Classification

Primary CVSS: v3.1 7.5 HIGH from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types: CWE-787 | n/a | CWE-787 CWE-787 Out-of-bounds Write


VersionSourceTypeScoreSeverityVector
3.1[email protected]Primary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1ADPDECLARED7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1134c704f-9b21-4f2e-91b3-4a467353bcc0Secondary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.0[email protected]Primary5AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.1 Breakdown

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2.0 Breakdown

Access Vector
Network
Access Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Nokogiri Nokogiri All All All All
Application Python Python All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Na N/a affected n/a Not specified
ADP Siemens CADRA affected V2511 custom Not specified
ADP Siemens SINAMICS PERFECT HARMONY GH180 affected * custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.0 V3.1.5 custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.0 V3.1.5 custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP affected V3.1.0 V3.1.5 custom Not specified
ADP Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP affected V3.1.0 V3.1.5 custom Not specified
ADP Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP affected V3.1.0 V3.1.5 custom Not specified

References

ReferenceSourceLinkTags
cert-portal.siemens.com/productcert/html/ssa-398330.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
cert-portal.siemens.com/productcert/html/ssa-470355.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
July 2022 MySQL Server Vulnerabilities in NetApp Products | NetApp Product Security af854a3a-2127-422b-91ae-364da2661108 security.netapp.com Third Party Advisory
About the security content of macOS Big Sur 11.6.6 - Apple Support af854a3a-2127-422b-91ae-364da2661108 support.apple.com Third Party Advisory
[SECURITY] Fedora 36 Update: zlib-1.2.11-32.fc36 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Third Party Advisory
Full Disclosure: APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina af854a3a-2127-422b-91ae-364da2661108 seclists.org Mailing List, Third Party Advisory
[SECURITY] [DLA 2968-1] zlib security update af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
[SECURITY] Fedora 35 Update: rsync-3.2.3-9.fc35 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Third Party Advisory
oss-security - Re: zlib memory corruption on deflate (i.e. compress) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Exploit, Mailing List, Third Party Advisory
oss-security - Re: zlib memory corruption on deflate (i.e. compress) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
oss-security - zlib memory corruption on deflate (i.e. compress) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
cert-portal.siemens.com/productcert/html/ssa-942865.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
Fix a bug that can crash deflate on some input when using Z_FIXED. · madler/zlib@5c44459 · GitHub af854a3a-2127-422b-91ae-364da2661108 github.com Patch, Third Party Advisory
Comparing v1.2.11...v1.2.12 · madler/zlib · GitHub af854a3a-2127-422b-91ae-364da2661108 github.com Patch, Third Party Advisory
[SECURITY] Fedora 35 Update: zlib-1.2.11-31.fc35 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Third Party Advisory
oss-security - Re: Re: zlib memory corruption on deflate (i.e. compress) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List, Third Party Advisory
[SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Third Party Advisory
Oracle Critical Patch Update Advisory - July 2022 af854a3a-2127-422b-91ae-364da2661108 www.oracle.com Patch, Third Party Advisory
[SECURITY] Fedora 36 Update: uboot-tools-2022.04-2.fc36 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Third Party Advisory
CVE-2018-25032 Zlib Vulnerability in NetApp Products | NetApp Product Security af854a3a-2127-422b-91ae-364da2661108 security.netapp.com Third Party Advisory
zlib: Multiple vulnerabilities (GLSA 202210-42) — Gentoo security af854a3a-2127-422b-91ae-364da2661108 security.gentoo.org Third Party Advisory
cert-portal.siemens.com/productcert/html/ssa-333517.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
cert-portal.siemens.com/productcert/html/ssa-419740.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
CVE-2018-25032 (zlib memory corruption on deflate) · Issue #605 · madler/zlib · GitHub af854a3a-2127-422b-91ae-364da2661108 github.com Issue Tracking, Patch, Third Party Advisory
[SECURITY] [DLA 2993-1] libz-mingw-w64 security update af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
cert-portal.siemens.com/productcert/html/ssa-565386.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
About the security content of macOS Monterey 12.4 - Apple Support af854a3a-2127-422b-91ae-364da2661108 support.apple.com Third Party Advisory
[SECURITY] [DLA 3114-1] mariadb-10.3 security update af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
Debian -- Security Information -- DSA-5111-1 zlib af854a3a-2127-422b-91ae-364da2661108 www.debian.org Patch, Third Party Advisory
oss-security - Re: zlib memory corruption on deflate (i.e. compress) af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Exploit, Mailing List, Third Party Advisory
About the security content of Security Update 2022-004 Catalina - Apple Support af854a3a-2127-422b-91ae-364da2661108 support.apple.com Third Party Advisory
Full Disclosure: APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 af854a3a-2127-422b-91ae-364da2661108 seclists.org Mailing List, Third Party Advisory
Full Disclosure: APPLE-SA-2022-05-16-2 macOS Monterey 12.4 af854a3a-2127-422b-91ae-364da2661108 seclists.org Mailing List, Third Party Advisory
[SECURITY] Fedora 34 Update: rsync-3.2.3-6.fc34 - package-announce - Fedora Mailing-Lists af854a3a-2127-422b-91ae-364da2661108 lists.fedoraproject.org Third Party Advisory
cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf af854a3a-2127-422b-91ae-364da2661108 cert-portal.siemens.com Third Party Advisory
[SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
[SECURITY] Fedora 36 Update: zlib-1.2.11-32.fc36 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
[SECURITY] Fedora 35 Update: rsync-3.2.3-9.fc35 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
[SECURITY] Fedora 36 Update: uboot-tools-2022.04-2.fc36 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
[SECURITY] Fedora 35 Update: zlib-1.2.11-31.fc35 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
[SECURITY] Fedora 34 Update: rsync-3.2.3-6.fc34 - package-announce - Fedora Mailing-Lists MITRE lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159770 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-1642)
  • 159790 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-2213)
  • 159843 Oracle Enterprise Linux Security Update for rsync (ELSA-2022-2201)
  • 159928 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-4584)
  • 159936 Oracle Enterprise Linux Security Update for rsync (ELSA-2022-4592)
  • 159971 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-9565)
  • 160262 Oracle Enterprise Linux Security Update for mingw-zlib (ELSA-2022-8420)
  • 179168 Debian Security Update for zlib (DSA 5111-1)
  • 179169 Debian Security Update for zlib (DLA 2968-1)
  • 179271 Debian Security Update for libz-mingw-w64 (DLA 2993-1)
  • 181097 Debian Security Update for mariadb-10.3 (DLA 3114-1)
  • 198720 Ubuntu Security Notification for zlib Vulnerability (USN-5355-1)
  • 198725 Ubuntu Security Notification for rsync Vulnerability (USN-5359-1)
  • 199043 Ubuntu Security Notification for MariaDB Vulnerabilities (USN-5739-1)
  • 20266 Oracle MySQL July 2022 Critical Patch Update (CPUJUL2022)
  • 20317 Oracle Database 21c Critical Patch Update - January 2023
  • 20318 Oracle Database 19c Critical Patch Update - January 2023
  • 20319 Oracle Database 19c Critical OJVM Patch Update - January 2023
  • 20389 IBM DB2 Multiple Vulnerabilities (7087162)
  • 240242 Red Hat Update for zlib (RHSA-2022:1642)
  • 240253 Red Hat Update for zlib (RHSA-2022:1661)
  • 240327 Red Hat Update for zlib (RHSA-2022:2213)
  • 240328 Red Hat Update for rsync (RHSA-2022:2198)
  • 240331 Red Hat Update for rsync (RHSA-2022:2192)
  • 240333 Red Hat Update for rsync (RHSA-2022:2201)
  • 240342 Red Hat Update for rsync (RHSA-2022:4592)
  • 240358 Red Hat Update for zlib (RHSA-2022:4584)
  • 240391 Red Hat Update for zlib (RHSA-2022:4845)
  • 241617 Red Hat Update for zlib (RHSA-2023:0943)
  • 257170 CentOS Security Update for zlib (CESA-2022:2213)
  • 282591 Fedora Security Update for rsync (FEDORA-2022-413a80a102)
  • 282635 Fedora Security Update for rsync (FEDORA-2022-dbd2935e44)
  • 282872 Fedora Security Update for uboot (FEDORA-2022-61cf1c64f6)
  • 283036 Fedora Security Update for zlib (FEDORA-2022-3a92250fd5)
  • 283069 Fedora Security Update for zlib (FEDORA-2022-b58a85e167)
  • 296064 Oracle Solaris 11.4 Support Repository Update (SRU) 46.119.2 Missing (CPUAPR2022)
  • 330131 IBM AIX Denial of Service (DoS) due to zlib and zlibNX (zlib_advisory)
  • 353206 Amazon Linux Security Advisory for zlib : ALAS2-2022-1772
  • 353973 Amazon Linux Security Advisory for zlib : ALAS-2022-1602
  • 354249 Amazon Linux Security Advisory for rsync : ALAS-2022-1640
  • 354323 Amazon Linux Security Advisory for zlib : ALAS2022-2022-100
  • 354390 Amazon Linux Security Advisory for rsync : ALAS2022-2022-158
  • 354522 Amazon Linux Security Advisory for zlib : ALAS2022-2022-159
  • 354637 Amazon Linux Security Advisory for zlib : AL2012-2022-369
  • 355132 Amazon Linux Security Advisory for zlib : ALAS2023-2023-003
  • 355190 Amazon Linux Security Advisory for rsync : ALAS2023-2023-002
  • 376569 Azul Java Multiple Vulnerabilities Security Update April 2022
  • 376607 Apple macOS Security Update 2022-004 Catalina (HT213255)
  • 376608 Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)
  • 376612 Apple macOS Monterey 12.4 Not Installed (HT213257)
  • 376745 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) zlib Vulnerability (K21548854)
  • 377129 Alibaba Cloud Linux Security Update for rsync (ALINUX3-SA-2022:0138)
  • 377788 Alibaba Cloud Linux Security Update for mingw-zlib (ALINUX3-SA-2022:0182)
  • 377911 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUJAN2023)
  • 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
  • 390280 Oracle Managed Virtualization (VM) Server for x86 Security Update for zlib (OVMSA-2023-0011)
  • 500831 Alpine Linux Security Update for zlib
  • 502118 Alpine Linux Security Update for minizip
  • 502245 Alpine Linux Security Update for zlib
  • 502495 Alpine Linux Security Update for mariadb
  • 502496 Alpine Linux Security Update for mariadb
  • 504149 Alpine Linux Security Update for mariadb
  • 504568 Alpine Linux Security Update for zlib
  • 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
  • 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
  • 671695 EulerOS Security Update for zlib (EulerOS-SA-2022-1777)
  • 671835 EulerOS Security Update for zlib (EulerOS-SA-2022-1920)
  • 671847 EulerOS Security Update for rsync (EulerOS-SA-2022-1913)
  • 671879 EulerOS Security Update for zlib (EulerOS-SA-2022-1956)
  • 671928 EulerOS Security Update for zlib (EulerOS-SA-2022-2016)
  • 671952 EulerOS Security Update for zlib (EulerOS-SA-2022-1986)
  • 671966 EulerOS Security Update for zlib (EulerOS-SA-2022-2175)
  • 671983 EulerOS Security Update for zlib (EulerOS-SA-2022-2150)
  • 672276 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2691)
  • 672283 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2659)
  • 672339 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2771)
  • 672376 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2723)
  • 672379 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2758)
  • 672381 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2736)
  • 672438 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2841)
  • 672469 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2816)
  • 672530 EulerOS Security Update for binutils (EulerOS-SA-2023-1094)
  • 672535 EulerOS Security Update for rsync (EulerOS-SA-2023-1135)
  • 672548 EulerOS Security Update for binutils (EulerOS-SA-2023-1118)
  • 672565 EulerOS Security Update for rsync (EulerOS-SA-2023-1111)
  • 672622 EulerOS Security Update for rsync (EulerOS-SA-2023-1370)
  • 672638 EulerOS Security Update for rsync (EulerOS-SA-2023-1398)
  • 672666 EulerOS Security Update for binutils (EulerOS-SA-2023-1349)
  • 672667 EulerOS Security Update for binutils (EulerOS-SA-2023-1377)
  • 672673 EulerOS Security Update for rsync (EulerOS-SA-2023-1431)
  • 672681 EulerOS Security Update for binutils (EulerOS-SA-2023-1420)
  • 672685 EulerOS Security Update for binutils (EulerOS-SA-2023-1405)
  • 672689 EulerOS Security Update for rsync (EulerOS-SA-2023-1416)
  • 690834 Free Berkeley Software Distribution (FreeBSD) Security Update for Free Berkeley Software Distribution (FreeBSD) (38f2e3a0-b61e-11ec-9ebc-1c697aa5a594)
  • 690902 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (8e150606-08c9-11ed-856e-d4c9ef517024)
  • 690926 Free Berkeley Software Distribution (FreeBSD) Security Update for mariadb (36d10af7-248d-11ed-856e-d4c9ef517024)
  • 710671 Gentoo Linux zlib Multiple Vulnerabilities (GLSA 202210-42)
  • 730739 IBM Aspera Faspex Multiple Security Vulnerabilities (6952319)
  • 751932 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1023-1)
  • 751943 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1061-1)
  • 751944 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1043-1)
  • 751947 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1062-1)
  • 751954 OpenSUSE Security Update for zlib (openSUSE-SU-2022:1061-1)
  • 752275 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2022:2174-1)
  • 752572 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:3225-1)
  • 753129 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:14929-1)
  • 900778 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9140)
  • 901486 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9143-1)
  • 902017 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9140-1)
  • 903904 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10957)
  • 903913 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961)
  • 904178 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10957-1)
  • 904801 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961-1)
  • 906117 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961-2)
  • 906807 Common Base Linux Mariner (CBL-Mariner) Security Update for grpc (26092-1)
  • 906811 Common Base Linux Mariner (CBL-Mariner) Security Update for tcl (26118-1)
  • 906827 Common Base Linux Mariner (CBL-Mariner) Security Update for boost (26086-1)
  • 906829 Common Base Linux Mariner (CBL-Mariner) Security Update for erlang (26089-1)
  • 906852 Common Base Linux Mariner (CBL-Mariner) Security Update for nmap (26156-1)
  • 906853 Common Base Linux Mariner (CBL-Mariner) Security Update for tcl (26164-1)
  • 906864 Common Base Linux Mariner (CBL-Mariner) Security Update for boost (26135-1)
  • 906878 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (26116-1)
  • 906879 Common Base Linux Mariner (CBL-Mariner) Security Update for ccache (26087-1)
  • 906957 Common Base Linux Mariner (CBL-Mariner) Security Update for openjdk8 (26131-1)
  • 940489 AlmaLinux Security Update for zlib (ALSA-2022:1642)
  • 940578 AlmaLinux Security Update for rsync (ALSA-2022:2201)
  • 940737 AlmaLinux Security Update for mingw-zlib (ALSA-2022:7813)
  • 940842 AlmaLinux Security Update for mingw-zlib (ALSA-2022:8420)
  • 960361 Rocky Linux Security Update for rsync (RLSA-2022:2201)
  • 960412 Rocky Linux Security Update for zlib (RLSA-2022:1642)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report