CVE-2022-37434

Description

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 92.54%• Percentile: 100%

Techniques & Countermeasures

• CWE-787•Out-of-bounds Write

  The product writes data past the end, or before the beginning, of the intended buffer.

• CWE-120•Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Affected Systems

• apple•ipados

  < 15.7.1

• apple•iphone_os

  < 15.7.1 | ≥ 16.0, < 16.1

• apple•macos

  ≥ 11.0, < 11.7.1 | ≥ 12.0.0, < 12.6.1

• apple•watchos

  < 9.1

• debian•debian_linux

  10.0

• fedoraproject•fedora

  35 | 36 | 37

• netapp•active_iq_unified_manager

  na

• netapp•h300s_firmware

  na

• netapp•h500s_firmware

  na

• netapp•h700s_firmware

  na

• netapp•hci

  na

• netapp•hci_compute_node

  na

• netapp•management_services_for_element_software

  na

• netapp•oncommand_workflow_automation

  na

• netapp•ontap_select_deploy_administration_utility

  na

• netapp•storagegrid

  na

• stormshield•stormshield_network_security

  ≥ 3.7.31, < 3.7.34 | ≥ 3.11.0, < 3.11.22 | ≥ 4.3.0, < 4.3.16 | ≥ 4.6.0, < 4.6.3

• zlib•zlib

  ≤ 1.2.12

References (27)

• https://github.com/ivd38/zlib_overflow
• https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
• https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
• https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
• http://www.openwall.com/lists/oss-security/2022/08/05/2
• https://github.com/curl/curl/issues/9271
• http://www.openwall.com/lists/oss-security/2022/08/09/1
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
• https://www.debian.org/security/2022/dsa-5218
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
• https://security.netapp.com/advisory/ntap-20220901-0005/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
• https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
• https://support.apple.com/kb/HT213489
• https://support.apple.com/kb/HT213488
• https://support.apple.com/kb/HT213494
• https://support.apple.com/kb/HT213493
• https://support.apple.com/kb/HT213491
• https://support.apple.com/kb/HT213490
• http://seclists.org/fulldisclosure/2022/Oct/41
• http://seclists.org/fulldisclosure/2022/Oct/38
• http://seclists.org/fulldisclosure/2022/Oct/37
• http://seclists.org/fulldisclosure/2022/Oct/42
• https://security.netapp.com/advisory/ntap-20230427-0007/
• https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d