Unrated severityNVD Advisory· Published Aug 5, 2022· Updated May 30, 2025
CVE-2022-37434
CVE-2022-37434
Description
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
61- osv-coords60 versionspkg:apk/chainguard/minizippkg:apk/chainguard/zlibpkg:apk/chainguard/zlib-devpkg:apk/chainguard/zlib-docpkg:apk/chainguard/zlib-staticpkg:apk/wolfi/minizippkg:apk/wolfi/zlibpkg:apk/wolfi/zlib-devpkg:apk/wolfi/zlib-docpkg:apk/wolfi/zlib-staticpkg:rpm/almalinux/rsyncpkg:rpm/almalinux/rsync-daemonpkg:rpm/almalinux/zlibpkg:rpm/almalinux/zlib-develpkg:rpm/almalinux/zlib-staticpkg:rpm/opensuse/libqt5-qtbase&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rsync&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rusty_v8&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/vlc&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP4pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/zlib&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/zlib&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/zlib&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/zlib&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/zlib&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1.2.13-r1+ 59 more
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 1.2.13-r1
- (no CPE)range: < 3.1.3-19.el8
- (no CPE)range: < 3.1.3-19.el8
- (no CPE)range: < 1.2.11-19.el8_6
- (no CPE)range: < 1.2.11-19.el8_6
- (no CPE)range: < 1.2.11-19.el8_6
- (no CPE)range: < 5.15.6+kde177-1.1
- (no CPE)range: < 3.2.5-1.1
- (no CPE)range: < 0.106.0-1.1
- (no CPE)range: < 3.0.20-bp154.2.6.1
- (no CPE)range: < 3.0.20-bp155.2.3.1
- (no CPE)range: < 3.0.19-1.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 3.0.20-bp154.2.6.1
- (no CPE)range: < 3.0.20-bp155.2.3.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.8-12.9.1
- (no CPE)range: < 1.2.8-12.9.1
- (no CPE)range: < 1.2.11-3.9.1
- (no CPE)range: < 1.2.11-11.22.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-3.9.1
- (no CPE)range: < 1.2.11-11.22.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-11.22.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-150000.3.33.1
- (no CPE)range: < 1.2.11-3.9.1
- (no CPE)range: < 1.2.11-3.9.1
Patches
Vulnerability mechanics
References
26- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/mitrevendor-advisory
- www.debian.org/security/2022/dsa-5218mitrevendor-advisory
- seclists.org/fulldisclosure/2022/Oct/37mitremailing-list
- seclists.org/fulldisclosure/2022/Oct/38mitremailing-list
- seclists.org/fulldisclosure/2022/Oct/41mitremailing-list
- seclists.org/fulldisclosure/2022/Oct/42mitremailing-list
- www.openwall.com/lists/oss-security/2022/08/05/2mitremailing-list
- www.openwall.com/lists/oss-security/2022/08/09/1mitremailing-list
- lists.debian.org/debian-lts-announce/2022/09/msg00012.htmlmitremailing-list
- github.com/curl/curl/issues/9271mitre
- github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.hmitre
- github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91dmitre
- github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1mitre
- github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.cmitre
- security.netapp.com/advisory/ntap-20220901-0005/mitre
- security.netapp.com/advisory/ntap-20230427-0007/mitre
- support.apple.com/kb/HT213488mitre
- support.apple.com/kb/HT213489mitre
- support.apple.com/kb/HT213490mitre
- support.apple.com/kb/HT213491mitre
- support.apple.com/kb/HT213493mitre
- support.apple.com/kb/HT213494mitre
News mentions
0No linked articles in our index yet.