ALT-PU-2022-5873-1

Package update zlib in branch p10_e2k

Version: 1.2.12-alt3
Task: #0
Published: 2022-08-30
Max severity: CRITICAL

Closed issues (2)

BDU:2022-05325
CRITICAL 9.8

A vulnerability in the inflate.c component of the zlib library that allows an attacker to execute arbitrary code

Published: 2022-08-29
Modified: 2026-01-20
CVSS 3.x: CRITICAL 9.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0: CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2022-37434
CRITICAL 9.8

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Published: 2022-08-05
Modified: 2025-05-30
CVSS 3.x: CRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H