What is CVE-2022-37434?

CVE-2022-37434 is a vulnerability in N/a. Published 2022-08-05.

Is CVE-2022-37434 known to be exploited?

48 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affe…

EPSS: 0.925 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/ivd38/zlib_overflow
github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h
github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/…
[oss-security] 20220805 zlib buffer overflow (mailing-list)
github.com/curl/curl/issues/9271
[oss-security] 20220808 Re: zlib buffer overflow (mailing-list)
FEDORA-2022-25e4dbedf9 (vendor-advisory)
DSA-5218 (vendor-advisory)
FEDORA-2022-15da0cf165 (vendor-advisory)

Frequently asked questions

What is CVE-2022-37434?: CVE-2022-37434 is a vulnerability in N/a. Published 2022-08-05.
Is CVE-2022-37434 known to be exploited?: 48 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.