Vulnerability in N/a
CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
EPSS: 0.517 (98.8th percentile)
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- Trinadh465/external_zlib_4.4_CVE-2018-25032
- Trinadh465/external_zlib_AOSP10_r33_CVE-2018-25032
- Satheesh575555/external_zlib-1.2.7_CVE-2018-25032
- ChrisAdkin8/Nomad-Job-Vulnerability-Tagging
- NathanielAPawluk/sec-buddy
- Satheesh575555/external_
- Trinadh465/external_
- Webb-L/reptileIndexOfProject
- ZipArchive/ZipArchive
- chainguard-dev/zlib-patch-demo
References
- www.openwall.com/lists/oss-security/2022/03/24/1
- github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- [oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress) (mailing-list)
- [oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress) (mailing-list)
- DSA-5111 (vendor-advisory)
- [debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update (mailing-list)
- FEDORA-2022-413a80a102 (vendor-advisory)
- FEDORA-2022-dbd2935e44 (vendor-advisory)
- FEDORA-2022-12b89e2aad (vendor-advisory)
- [debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update (mailing-list)
Frequently asked questions
- What is CVE-2018-25032?
- CVE-2018-25032 is a vulnerability in N/a. Published 2022-03-25.
- Is CVE-2018-25032 known to be exploited?
- 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.