zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

OSVersionArchitecturePackageVersionFilename
Debian12alllibz-mingw-w64< 1.2.12+dfsg-2libz-mingw-w64_1.2.12+dfsg-2_all.deb
Debian11alllibz-mingw-w64<= 1.2.11+dfsg-2libz-mingw-w64_1.2.11+dfsg-2_all.deb
Debian10alllibz-mingw-w64<= 1.2.11+dfsg-2libz-mingw-w64_1.2.11+dfsg-2_all.deb
Debian999alllibz-mingw-w64< 1.2.12+dfsg-2libz-mingw-w64_1.2.12+dfsg-2_all.deb
Debian13alllibz-mingw-w64< 1.2.12+dfsg-2libz-mingw-w64_1.2.12+dfsg-2_all.deb
Debian12allzlib< 1:1.2.11.dfsg-4.1zlib_1:1.2.11.dfsg-4.1_all.deb
Debian11allzlib< 1:1.2.11.dfsg-2+deb11u2zlib_1:1.2.11.dfsg-2+deb11u2_all.deb
Debian10allzlib< 1:1.2.11.dfsg-1+deb10u2zlib_1:1.2.11.dfsg-1+deb10u2_all.deb
Debian999allzlib< 1:1.2.11.dfsg-4.1zlib_1:1.2.11.dfsg-4.1_all.deb
Debian13allzlib< 1:1.2.11.dfsg-4.1zlib_1:1.2.11.dfsg-4.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libz-mingw-w64	< 1.2.12+dfsg-2	libz-mingw-w64_1.2.12+dfsg-2_all.deb
Debian	11	all	libz-mingw-w64	<= 1.2.11+dfsg-2	libz-mingw-w64_1.2.11+dfsg-2_all.deb
Debian	10	all	libz-mingw-w64	<= 1.2.11+dfsg-2	libz-mingw-w64_1.2.11+dfsg-2_all.deb
Debian	999	all	libz-mingw-w64	< 1.2.12+dfsg-2	libz-mingw-w64_1.2.12+dfsg-2_all.deb
Debian	13	all	libz-mingw-w64	< 1.2.12+dfsg-2	libz-mingw-w64_1.2.12+dfsg-2_all.deb
Debian	12	all	zlib	< 1:1.2.11.dfsg-4.1	zlib_1:1.2.11.dfsg-4.1_all.deb
Debian	11	all	zlib	< 1:1.2.11.dfsg-2+deb11u2	zlib_1:1.2.11.dfsg-2+deb11u2_all.deb
Debian	10	all	zlib	< 1:1.2.11.dfsg-1+deb10u2	zlib_1:1.2.11.dfsg-1+deb10u2_all.deb
Debian	999	all	zlib	< 1:1.2.11.dfsg-4.1	zlib_1:1.2.11.dfsg-4.1_all.deb
Debian	13	all	zlib	< 1:1.2.11.dfsg-4.1	zlib_1:1.2.11.dfsg-4.1_all.deb

nessus 70

veracode 1

cloudfoundry 4

oraclelinux 7

openvas 43

rocky 4

almalinux 4

ibm 5

cloudlinux 2

ubuntu 3

osv 15

debian 2

githubexploit 3

f5 1

qt 1

redhat 6

amazon 3

freebsd 1

freebsd_advisory 1

rosalinux 1

centos 1

wolfi 1

suse 2

cvelist 1

redhatcve 1

aix 1

cbl_mariner 2

mageia 1

fedora 3

redos 1

photon 1

cgr 1

slackware 1

alpinelinux 1

prion 1

ubuntucve 1

cve 1

gentoo 1

nessus

SUSE SLES12 Security Update : zlib (SUSE-SU-2022:2846-1)

2022-08-20 00:00:00

Amazon Linux AMI : zlib (ALAS-2022-1650)

2022-12-10 00:00:00

Rocky Linux 8 : zlib (RLSA-2022:7106)

2022-11-17 00:00:00

veracode

Denial Of Service (DoS)

2022-08-09 02:04:05

cloudfoundry

USN-5570-1: zlib vulnerability | Cloud Foundry

2023-01-19 00:00:00

USN-5573-1: rsync vulnerability | Cloud Foundry

2023-01-19 00:00:00

USN-5573-1: rsync vulnerability | Cloud Foundry

2022-08-25 00:00:00

oraclelinux

zlib security update

2022-11-02 00:00:00

zlib security update

2022-11-09 00:00:00

zlib security update

2023-03-08 00:00:00

openvas

Huawei EulerOS: Security Advisory for zlib (EulerOS-SA-2023-1211)

2023-01-12 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2846-1)

2022-08-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2847-1)

2022-08-19 00:00:00

rocky

zlib security update

2022-11-02 13:50:56

zlib security update

2022-10-25 07:22:56

rsync security and enhancement update

2022-11-08 06:29:11

almalinux

Moderate: rsync security and enhancement update

2022-11-08 00:00:00

Moderate: rsync security and bug fix update

2022-11-15 00:00:00

Moderate: zlib security update

2022-10-25 00:00:00

ibm

Security Bulletin: IBM Planning Analytics Workspace has addressed a vulnerability in GNU zlib (CVE-2022-37434)

2023-06-07 21:00:25

Security Bulletin: Security Vulnerability found in zlib fixed in the zlib version shipped with IBM Security Verify for Gateway (RADIUS & WinLogin) and for Bridge (DirSync)

2022-12-08 16:25:18

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in zlib (CVE-2022-37434)

2023-03-31 17:01:26

cloudlinux

Fixed CVE-2022-37434 in zlib

2022-08-17 18:47:33

Fixed CVE-2022-37434 in rsync

2022-08-25 15:56:39

ubuntu

zlib vulnerability

2022-10-17 00:00:00

rsync vulnerability

2022-08-18 00:00:00

zlib vulnerability

2022-08-17 00:00:00

osv

Moderate: rsync security and enhancement update

2022-11-08 06:29:11

Moderate: rsync security and bug fix update

2022-11-15 06:20:39

CVE-2022-37434

2022-08-05 07:15:07

debian

[SECURITY] [DSA 5218-1] zlib security update

2022-08-25 19:51:59

[SECURITY] [DLA 3103-1] zlib security update

2022-09-12 09:01:16

githubexploit

Exploit for Out-of-bounds Write in Zlib

2022-09-30 10:20:36

Exploit for Out-of-bounds Write in Zlib

2022-09-14 07:28:23

Exploit for Out-of-bounds Write in Zlib

2024-02-02 14:25:28

K67213091 : Zlib vulnerability CVE-2022-37434

2022-10-21 00:00:00

Security advisory: zlib in Qt

2022-09-12 00:00:00

redhat

(RHSA-2022:7106) Moderate: zlib security update

2022-10-25 07:22:56

(RHSA-2022:8291) Moderate: rsync security and bug fix update

2022-11-15 06:20:39

(RHSA-2024:0254) Moderate: rsync security update

2024-01-15 15:28:49

amazon

Medium: zlib

2022-12-01 17:34:00

Medium: zlib

2022-09-15 04:54:00

Medium: rsync

2023-06-05 16:39:00

freebsd

FreeBSD -- zlib heap buffer overflow

2022-08-30 00:00:00

freebsd_advisory

FreeBSD-SA-22:13.zlib

2022-08-30 00:00:00

rosalinux

Advisory ROSA-SA-2023-2131

2023-03-14 14:13:27

centos

minizip, zlib security update

2023-03-08 16:30:28

wolfi

CVE-2022-37434 vulnerabilities

2024-05-19 21:07:17

suse

Security update for zlib (important)

2022-08-31 00:00:00

Security update for zlib (important)

2022-09-01 00:00:00

cvelist

CVE-2022-37434

2022-08-05 00:00:00

redhatcve

CVE-2022-37434

2022-08-09 06:36:51

aix

AIX is vulnerable to denial of service due to zlib and zlibNX

2023-07-25 11:05:17

cbl_mariner

CVE-2022-37434 affecting package zlib 1.2.12-1

2022-08-24 22:05:05

CVE-2022-37434 affecting package zlib for versions less than 1.2.12-2

2022-09-13 22:36:39

mageia

Updated zlib packages fix security vulnerability

2022-09-16 22:39:55

fedora

[SECURITY] Fedora 36 Update: zlib-1.2.11-33.fc36

2022-09-02 09:55:06

[SECURITY] Fedora 35 Update: zlib-1.2.11-32.fc35

2022-09-16 01:46:40

[SECURITY] Fedora 37 Update: zlib-1.2.12-5.fc37

2022-09-14 00:23:02

redos

ROS-20221207-01

2022-12-07 00:00:00

photon

Critical Photon OS Security Update - PHSA-2022-0236

2022-08-23 00:00:00

cgr

CVE-2022-37434 vulnerabilities

2024-05-19 03:07:16

slackware

[slackware-security] zlib

2022-10-15 20:38:53

alpinelinux

CVE-2022-37434

2022-08-05 07:15:00

prion

Heap overflow

2022-08-05 07:15:00

ubuntucve

CVE-2022-37434

2022-08-05 00:00:00

cve

CVE-2022-37434

2022-08-05 07:15:00

gentoo

zlib: Multiple vulnerabilities

2022-10-31 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for DEBIANCVE:CVE-2022-37434