Lucene search

[email protected]NVD:CVE-2018-25032

HistoryMar 25, 2022 - 9:15 a.m.

CVE-2018-25032

2022-03-2509:15:08

CWE-787

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.4%

JSON

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Affected configurations

NVD

Node

zlibzlibRange<1.2.12

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

Node

applemac_os_xRange10.15–10.15.7

applemac_os_xMatch10.15.7-

applemac_os_xMatch10.15.7security_update_2020

applemac_os_xMatch10.15.7security_update_2020-001

applemac_os_xMatch10.15.7security_update_2020-005

applemac_os_xMatch10.15.7security_update_2020-007

applemac_os_xMatch10.15.7security_update_2021-001

applemac_os_xMatch10.15.7security_update_2021-002

applemac_os_xMatch10.15.7security_update_2021-003

applemac_os_xMatch10.15.7security_update_2021-006

applemac_os_xMatch10.15.7security_update_2021-007

applemac_os_xMatch10.15.7security_update_2021-008

applemac_os_xMatch10.15.7security_update_2022-001

applemac_os_xMatch10.15.7security_update_2022-002

applemac_os_xMatch10.15.7security_update_2022-003

applemacosRange11.0–11.6.6

applemacosRange12.0.0–12.4

Node

pythonpythonRange3.7.0–3.7.14

pythonpythonRange3.8.0–3.8.14

pythonpythonRange3.9.0–3.9.13

pythonpythonRange3.10.0–3.10.5

Node

mariadbmariadbRange10.3.0–10.3.36

mariadbmariadbRange10.4.0–10.4.26

mariadbmariadbRange10.5.0–10.5.17

mariadbmariadbRange10.6.0–10.6.9

mariadbmariadbRange10.7.0–10.7.5

mariadbmariadbRange10.8.0–10.8.4

mariadbmariadbRange10.9.0–10.9.2

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappe-series_santricity_os_controllerRange11.0.0–11.70.2

netappmanagement_services_for_element_softwareMatch-

netapponcommand_workflow_automationMatch-

netappontap_select_deploy_administration_utilityMatch-

netapphci_compute_nodeMatch-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

siemensscalance_sc622-2c_firmwareRange<3.0

AND

siemensscalance_sc622-2cMatch-

Node

siemensscalance_sc626-2c_firmwareRange<3.0

AND

siemensscalance_sc626-2cMatch-

Node

siemensscalance_sc632-2c_firmwareRange<3.0

AND

siemensscalance_sc632-2cMatch-

Node

siemensscalance_sc636-2c_firmwareRange<3.0

AND

siemensscalance_sc636-2cMatch-

Node

siemensscalance_sc642-2c_firmwareRange<3.0

AND

siemensscalance_sc642-2cMatch-

Node

siemensscalance_sc646-2c_firmwareRange<3.0

AND

siemensscalance_sc646-2cMatch-

Node

azulzuluMatch6.45

azulzuluMatch7.52

azulzuluMatch8.60

azulzuluMatch11.54

azulzuluMatch13.46

azulzuluMatch15.38

azulzuluMatch17.32

Node

gotogotoassistRange<11.9.18

References

seclists.org/fulldisclosure/2022/May/33

seclists.org/fulldisclosure/2022/May/35

seclists.org/fulldisclosure/2022/May/38

www.openwall.com/lists/oss-security/2022/03/25/2

www.openwall.com/lists/oss-security/2022/03/26/1

cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf

github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

github.com/madler/zlib/compare/v1.2.11...v1.2.12

github.com/madler/zlib/issues/605

lists.debian.org/debian-lts-announce/2022/04/msg00000.html

lists.debian.org/debian-lts-announce/2022/05/msg00008.html

lists.debian.org/debian-lts-announce/2022/09/msg00023.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/

security.gentoo.org/glsa/202210-42

security.netapp.com/advisory/ntap-20220526-0009/

security.netapp.com/advisory/ntap-20220729-0004/

support.apple.com/kb/HT213255

support.apple.com/kb/HT213256

support.apple.com/kb/HT213257

www.debian.org/security/2022/dsa-5111

www.openwall.com/lists/oss-security/2022/03/24/1

www.openwall.com/lists/oss-security/2022/03/28/1

www.openwall.com/lists/oss-security/2022/03/28/3

www.oracle.com/security-alerts/cpujul2022.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.4%

JSON

CVE-2018-25032

Affected configurations

References

Related