CVE-2018-25032
Summary
| CVE | CVE-2018-25032 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-25 09:15:08 UTC |
| Updated | 2026-07-14 12:16:46 UTC |
| Description | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Problem Types: CWE-787 | n/a | CWE-787 CWE-787 Out-of-bounds Write
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | ADP | DECLARED | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 2.0 | [email protected] | Primary | 5 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
PartialAV:N/AC:L/Au:N/C:N/I:N/A:P
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Siemens | CADRA | affected V2511 custom | Not specified |
| ADP | Siemens | SINAMICS PERFECT HARMONY GH180 | affected * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/html/ssa-398330.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| cert-portal.siemens.com/productcert/html/ssa-470355.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| July 2022 MySQL Server Vulnerabilities in NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| About the security content of macOS Big Sur 11.6.6 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| [SECURITY] Fedora 36 Update: zlib-1.2.11-32.fc36 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| Full Disclosure: APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| [SECURITY] [DLA 2968-1] zlib security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 35 Update: rsync-3.2.3-9.fc35 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| oss-security - Re: zlib memory corruption on deflate (i.e. compress) | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Exploit, Mailing List, Third Party Advisory |
| oss-security - Re: zlib memory corruption on deflate (i.e. compress) | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| oss-security - zlib memory corruption on deflate (i.e. compress) | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-942865.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| Fix a bug that can crash deflate on some input when using Z_FIXED. · madler/zlib@5c44459 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch, Third Party Advisory |
| Comparing v1.2.11...v1.2.12 · madler/zlib · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch, Third Party Advisory |
| [SECURITY] Fedora 35 Update: zlib-1.2.11-31.fc35 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| oss-security - Re: Re: zlib memory corruption on deflate (i.e. compress) | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| Oracle Critical Patch Update Advisory - July 2022 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Third Party Advisory |
| [SECURITY] Fedora 36 Update: uboot-tools-2022.04-2.fc36 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| CVE-2018-25032 Zlib Vulnerability in NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| zlib: Multiple vulnerabilities (GLSA 202210-42) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-333517.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| cert-portal.siemens.com/productcert/html/ssa-419740.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| CVE-2018-25032 (zlib memory corruption on deflate) · Issue #605 · madler/zlib · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Issue Tracking, Patch, Third Party Advisory |
| [SECURITY] [DLA 2993-1] libz-mingw-w64 security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-565386.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| About the security content of macOS Monterey 12.4 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| [SECURITY] [DLA 3114-1] mariadb-10.3 security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-5111-1 zlib | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Patch, Third Party Advisory |
| oss-security - Re: zlib memory corruption on deflate (i.e. compress) | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Exploit, Mailing List, Third Party Advisory |
| About the security content of Security Update 2022-004 Catalina - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Third Party Advisory |
| Full Disclosure: APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Full Disclosure: APPLE-SA-2022-05-16-2 macOS Monterey 12.4 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 34 Update: rsync-3.2.3-6.fc34 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | Third Party Advisory |
| [SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: zlib-1.2.11-32.fc36 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: rsync-3.2.3-9.fc35 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: uboot-tools-2022.04-2.fc36 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: zlib-1.2.11-31.fc35 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: rsync-3.2.3-6.fc34 - package-announce - Fedora Mailing-Lists | MITRE | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159770 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-1642)
- 159790 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-2213)
- 159843 Oracle Enterprise Linux Security Update for rsync (ELSA-2022-2201)
- 159928 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-4584)
- 159936 Oracle Enterprise Linux Security Update for rsync (ELSA-2022-4592)
- 159971 Oracle Enterprise Linux Security Update for zlib (ELSA-2022-9565)
- 160262 Oracle Enterprise Linux Security Update for mingw-zlib (ELSA-2022-8420)
- 179168 Debian Security Update for zlib (DSA 5111-1)
- 179169 Debian Security Update for zlib (DLA 2968-1)
- 179271 Debian Security Update for libz-mingw-w64 (DLA 2993-1)
- 181097 Debian Security Update for mariadb-10.3 (DLA 3114-1)
- 198720 Ubuntu Security Notification for zlib Vulnerability (USN-5355-1)
- 198725 Ubuntu Security Notification for rsync Vulnerability (USN-5359-1)
- 199043 Ubuntu Security Notification for MariaDB Vulnerabilities (USN-5739-1)
- 20266 Oracle MySQL July 2022 Critical Patch Update (CPUJUL2022)
- 20317 Oracle Database 21c Critical Patch Update - January 2023
- 20318 Oracle Database 19c Critical Patch Update - January 2023
- 20319 Oracle Database 19c Critical OJVM Patch Update - January 2023
- 20389 IBM DB2 Multiple Vulnerabilities (7087162)
- 240242 Red Hat Update for zlib (RHSA-2022:1642)
- 240253 Red Hat Update for zlib (RHSA-2022:1661)
- 240327 Red Hat Update for zlib (RHSA-2022:2213)
- 240328 Red Hat Update for rsync (RHSA-2022:2198)
- 240331 Red Hat Update for rsync (RHSA-2022:2192)
- 240333 Red Hat Update for rsync (RHSA-2022:2201)
- 240342 Red Hat Update for rsync (RHSA-2022:4592)
- 240358 Red Hat Update for zlib (RHSA-2022:4584)
- 240391 Red Hat Update for zlib (RHSA-2022:4845)
- 241617 Red Hat Update for zlib (RHSA-2023:0943)
- 257170 CentOS Security Update for zlib (CESA-2022:2213)
- 282591 Fedora Security Update for rsync (FEDORA-2022-413a80a102)
- 282635 Fedora Security Update for rsync (FEDORA-2022-dbd2935e44)
- 282872 Fedora Security Update for uboot (FEDORA-2022-61cf1c64f6)
- 283036 Fedora Security Update for zlib (FEDORA-2022-3a92250fd5)
- 283069 Fedora Security Update for zlib (FEDORA-2022-b58a85e167)
- 296064 Oracle Solaris 11.4 Support Repository Update (SRU) 46.119.2 Missing (CPUAPR2022)
- 330131 IBM AIX Denial of Service (DoS) due to zlib and zlibNX (zlib_advisory)
- 353206 Amazon Linux Security Advisory for zlib : ALAS2-2022-1772
- 353973 Amazon Linux Security Advisory for zlib : ALAS-2022-1602
- 354249 Amazon Linux Security Advisory for rsync : ALAS-2022-1640
- 354323 Amazon Linux Security Advisory for zlib : ALAS2022-2022-100
- 354390 Amazon Linux Security Advisory for rsync : ALAS2022-2022-158
- 354522 Amazon Linux Security Advisory for zlib : ALAS2022-2022-159
- 354637 Amazon Linux Security Advisory for zlib : AL2012-2022-369
- 355132 Amazon Linux Security Advisory for zlib : ALAS2023-2023-003
- 355190 Amazon Linux Security Advisory for rsync : ALAS2023-2023-002
- 376569 Azul Java Multiple Vulnerabilities Security Update April 2022
- 376607 Apple macOS Security Update 2022-004 Catalina (HT213255)
- 376608 Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)
- 376612 Apple macOS Monterey 12.4 Not Installed (HT213257)
- 376745 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) zlib Vulnerability (K21548854)
- 377129 Alibaba Cloud Linux Security Update for rsync (ALINUX3-SA-2022:0138)
- 377788 Alibaba Cloud Linux Security Update for mingw-zlib (ALINUX3-SA-2022:0182)
- 377911 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUJAN2023)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 390280 Oracle Managed Virtualization (VM) Server for x86 Security Update for zlib (OVMSA-2023-0011)
- 500831 Alpine Linux Security Update for zlib
- 502118 Alpine Linux Security Update for minizip
- 502245 Alpine Linux Security Update for zlib
- 502495 Alpine Linux Security Update for mariadb
- 502496 Alpine Linux Security Update for mariadb
- 504149 Alpine Linux Security Update for mariadb
- 504568 Alpine Linux Security Update for zlib
- 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 671695 EulerOS Security Update for zlib (EulerOS-SA-2022-1777)
- 671835 EulerOS Security Update for zlib (EulerOS-SA-2022-1920)
- 671847 EulerOS Security Update for rsync (EulerOS-SA-2022-1913)
- 671879 EulerOS Security Update for zlib (EulerOS-SA-2022-1956)
- 671928 EulerOS Security Update for zlib (EulerOS-SA-2022-2016)
- 671952 EulerOS Security Update for zlib (EulerOS-SA-2022-1986)
- 671966 EulerOS Security Update for zlib (EulerOS-SA-2022-2175)
- 671983 EulerOS Security Update for zlib (EulerOS-SA-2022-2150)
- 672276 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2691)
- 672283 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2659)
- 672339 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2771)
- 672376 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2723)
- 672379 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2758)
- 672381 EulerOS Security Update for mariadb-connector-c (EulerOS-SA-2022-2736)
- 672438 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2841)
- 672469 EulerOS Security Update for deltarpm (EulerOS-SA-2022-2816)
- 672530 EulerOS Security Update for binutils (EulerOS-SA-2023-1094)
- 672535 EulerOS Security Update for rsync (EulerOS-SA-2023-1135)
- 672548 EulerOS Security Update for binutils (EulerOS-SA-2023-1118)
- 672565 EulerOS Security Update for rsync (EulerOS-SA-2023-1111)
- 672622 EulerOS Security Update for rsync (EulerOS-SA-2023-1370)
- 672638 EulerOS Security Update for rsync (EulerOS-SA-2023-1398)
- 672666 EulerOS Security Update for binutils (EulerOS-SA-2023-1349)
- 672667 EulerOS Security Update for binutils (EulerOS-SA-2023-1377)
- 672673 EulerOS Security Update for rsync (EulerOS-SA-2023-1431)
- 672681 EulerOS Security Update for binutils (EulerOS-SA-2023-1420)
- 672685 EulerOS Security Update for binutils (EulerOS-SA-2023-1405)
- 672689 EulerOS Security Update for rsync (EulerOS-SA-2023-1416)
- 690834 Free Berkeley Software Distribution (FreeBSD) Security Update for Free Berkeley Software Distribution (FreeBSD) (38f2e3a0-b61e-11ec-9ebc-1c697aa5a594)
- 690902 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (8e150606-08c9-11ed-856e-d4c9ef517024)
- 690926 Free Berkeley Software Distribution (FreeBSD) Security Update for mariadb (36d10af7-248d-11ed-856e-d4c9ef517024)
- 710671 Gentoo Linux zlib Multiple Vulnerabilities (GLSA 202210-42)
- 730739 IBM Aspera Faspex Multiple Security Vulnerabilities (6952319)
- 751932 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1023-1)
- 751943 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1061-1)
- 751944 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1043-1)
- 751947 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:1062-1)
- 751954 OpenSUSE Security Update for zlib (openSUSE-SU-2022:1061-1)
- 752275 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2022:2174-1)
- 752572 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:3225-1)
- 753129 SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:14929-1)
- 900778 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9140)
- 901486 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9143-1)
- 902017 Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9140-1)
- 903904 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10957)
- 903913 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961)
- 904178 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10957-1)
- 904801 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961-1)
- 906117 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10961-2)
- 906807 Common Base Linux Mariner (CBL-Mariner) Security Update for grpc (26092-1)
- 906811 Common Base Linux Mariner (CBL-Mariner) Security Update for tcl (26118-1)
- 906827 Common Base Linux Mariner (CBL-Mariner) Security Update for boost (26086-1)
- 906829 Common Base Linux Mariner (CBL-Mariner) Security Update for erlang (26089-1)
- 906852 Common Base Linux Mariner (CBL-Mariner) Security Update for nmap (26156-1)
- 906853 Common Base Linux Mariner (CBL-Mariner) Security Update for tcl (26164-1)
- 906864 Common Base Linux Mariner (CBL-Mariner) Security Update for boost (26135-1)
- 906878 Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (26116-1)
- 906879 Common Base Linux Mariner (CBL-Mariner) Security Update for ccache (26087-1)
- 906957 Common Base Linux Mariner (CBL-Mariner) Security Update for openjdk8 (26131-1)
- 940489 AlmaLinux Security Update for zlib (ALSA-2022:1642)
- 940578 AlmaLinux Security Update for rsync (ALSA-2022:2201)
- 940737 AlmaLinux Security Update for mingw-zlib (ALSA-2022:7813)
- 940842 AlmaLinux Security Update for mingw-zlib (ALSA-2022:8420)
- 960361 Rocky Linux Security Update for rsync (RLSA-2022:2201)
- 960412 Rocky Linux Security Update for zlib (RLSA-2022:1642)