CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 58.6%

zlib is vulnerable to denial of service. The vulnerability exists due to a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
seclists.org/fulldisclosure/2022/Oct/37
seclists.org/fulldisclosure/2022/Oct/38
seclists.org/fulldisclosure/2022/Oct/41
seclists.org/fulldisclosure/2022/Oct/42
www.openwall.com/lists/oss-security/2022/08/05/2
www.openwall.com/lists/oss-security/2022/08/09/1
github.com/curl/curl/issues/9271
github.com/ivd38/zlib_overflow
github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
lists.debian.org/debian-lts-announce/2022/09/msg00012.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
security.netapp.com/advisory/ntap-20220901-0005/
security.netapp.com/advisory/ntap-20230427-0007/
support.apple.com/kb/HT213488
support.apple.com/kb/HT213489
support.apple.com/kb/HT213490
support.apple.com/kb/HT213491
support.apple.com/kb/HT213493
support.apple.com/kb/HT213494
www.debian.org/security/2022/dsa-5218