zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
AV:N/AC:L/Au:N/C:N/I:N/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-787
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-787
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| nokogiri | nokogiri | * | <built-in method update of dict object at 0x702ba414f200> | Application |
| python | python | * | <built-in method update of dict object at 0x702bdd6ae3c0> | Application |
| python | python | * | <built-in method update of dict object at 0x702bddc2f6c0> | Application |
| python | python | * | <built-in method update of dict object at 0x702ba414c040> | Application |
| python | python | * | <built-in method update of dict object at 0x702ba414ed80> | Application |
| zlib | zlib | * | <built-in method update of dict object at 0x702ba414d180> | Application |
| debian | debian_linux | 9.0 | <built-in method update of dict object at 0x702ba414c6c0> | Operating System |
| debian | debian_linux | 10.0 | <built-in method update of dict object at 0x702ba414f2c0> | Operating System |
| debian | debian_linux | 11.0 | <built-in method update of dict object at 0x702bdd6a6600> | Operating System |
| fedoraproject | fedora | 34 | <built-in method update of dict object at 0x702ba414fdc0> | Operating System |
| fedoraproject | fedora | 35 | <built-in method update of dict object at 0x702ba7d650c0> | Operating System |
| fedoraproject | fedora | 36 | <built-in method update of dict object at 0x702ba414c300> | Operating System |
| apple | mac_os_x | * | <built-in method update of dict object at 0x702ba414eb40> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702ba414d2c0> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702ba414cb00> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702ba7d672c0> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702ba414fcc0> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702bdd6afa40> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702ba414f480> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702bde515640> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702bdd304540> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702bddc2fb80> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702bddc2d980> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702ba414d9c0> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702bdd307100> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702bdda09540> | Operating System |
| apple | mac_os_x | 10.15.7 | <built-in method update of dict object at 0x702ba414e840> | Operating System |
| apple | macos | * | <built-in method update of dict object at 0x702ba414c740> | Operating System |
| apple | macos | * | <built-in method update of dict object at 0x702bdd6aca00> | Operating System |
| mariadb | mariadb | * | <built-in method update of dict object at 0x702bdd6ac880> | Application |
| mariadb | mariadb | * | <built-in method update of dict object at 0x702bddc2ea80> | Application |
| mariadb | mariadb | * | <built-in method update of dict object at 0x702bdd6af800> | Application |
| mariadb | mariadb | * | <built-in method update of dict object at 0x702bdd6ad0c0> | Application |
| mariadb | mariadb | * | <built-in method update of dict object at 0x702bdc60c900> | Application |
| mariadb | mariadb | * | <built-in method update of dict object at 0x702ba705ee40> | Application |
| mariadb | mariadb | * | <built-in method update of dict object at 0x702bdd6ad8c0> | Application |
| netapp | active_iq_unified_manager | - | <built-in method update of dict object at 0x702bdd6adb80> | Application |
| netapp | e-series_santricity_os_controller | * | <built-in method update of dict object at 0x702bfc336800> | Application |
| netapp | management_services_for_element_software | - | <built-in method update of dict object at 0x702bfc3369c0> | Application |
| netapp | oncommand_workflow_automation | - | <built-in method update of dict object at 0x702bdd6afb40> | Application |
| netapp | ontap_select_deploy_administration_utility | - | <built-in method update of dict object at 0x702bdd6ac280> | Application |
| netapp | hci_compute_node | - | <built-in method update of dict object at 0x702bdc373440> | Hardware |
| netapp | h300s_firmware | - | <built-in method update of dict object at 0x702ba705c900> | Operating System |
| netapp | h500s_firmware | - | <built-in method update of dict object at 0x702ba705f240> | Operating System |
| netapp | h700s_firmware | - | <built-in method update of dict object at 0x702ba705c500> | Operating System |
| netapp | h410s_firmware | - | <built-in method update of dict object at 0x702b832ed6c0> | Operating System |
| netapp | h410c_firmware | - | <built-in method update of dict object at 0x702ba705fac0> | Operating System |
| siemens | scalance_sc622-2c_firmware | * | <built-in method update of dict object at 0x702bfc3351c0> | Operating System |
| siemens | scalance_sc626-2c_firmware | * | <built-in method update of dict object at 0x702ba705fe80> | Operating System |
| siemens | scalance_sc632-2c_firmware | * | <built-in method update of dict object at 0x702ba705da80> | Operating System |
| siemens | scalance_sc636-2c_firmware | * | <built-in method update of dict object at 0x702ba705c240> | Operating System |
| siemens | scalance_sc642-2c_firmware | * | <built-in method update of dict object at 0x702ba705dc80> | Operating System |
| siemens | scalance_sc646-2c_firmware | * | <built-in method update of dict object at 0x702ba705c0c0> | Operating System |
| azul | zulu | 6.45 | <built-in method update of dict object at 0x702ba705c440> | Application |
| azul | zulu | 7.52 | <built-in method update of dict object at 0x702ba705e600> | Application |
| azul | zulu | 8.60 | <built-in method update of dict object at 0x702bdcf6a740> | Application |
| azul | zulu | 11.54 | <built-in method update of dict object at 0x702bfc337200> | Application |
| azul | zulu | 13.46 | <built-in method update of dict object at 0x702bdd463d00> | Application |
| azul | zulu | 15.38 | <built-in method update of dict object at 0x702bfc3c7480> | Application |
| azul | zulu | 17.32 | <built-in method update of dict object at 0x702bdc373a00> | Application |
| goto | gotoassist | * | <built-in method update of dict object at 0x702bcaa97f40> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:goto:gotoassist:*:*:*:*:*:*:*:* |