ALT-PU-2022-1706-2

Package zlib updated to version 1.2.12-alt1 for branch sisyphus in task 298590.

Уязвимость библиотеки zlib, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.2)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Severity: HIGH (8.5)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C

References:

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Nokogiri affected by zlib's Out-of-bounds Write vulnerability

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Out-of-bounds Write in zlib affects Nokogiri

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

Package zlib update in sisyphus on 2022-04-17