zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary | CWE-787 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | CWE-120 |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| zlib | zlib | * | * | Application |
| fedoraproject | fedora | 35 | * | Operating System |
| fedoraproject | fedora | 36 | * | Operating System |
| fedoraproject | fedora | 37 | * | Operating System |
| debian | debian_linux | 10.0 | * | Operating System |
| netapp | active_iq_unified_manager | - | * | Application |
| netapp | active_iq_unified_manager | - | * | Application |
| netapp | hci | - | * | Application |
| netapp | management_services_for_element_software | - | * | Application |
| netapp | oncommand_workflow_automation | - | * | Application |
| netapp | ontap_select_deploy_administration_utility | - | * | Application |
| netapp | storagegrid | - | * | Application |
| netapp | hci_compute_node | - | * | Hardware |
| netapp | h300s_firmware | - | * | Operating System |
| netapp | h500s_firmware | - | * | Operating System |
| netapp | h700s_firmware | - | * | Operating System |
| netapp | h700s_firmware | - | * | Operating System |
| apple | ipados | * | * | Operating System |
| apple | iphone_os | * | * | Operating System |
| apple | iphone_os | * | * | Operating System |
| apple | macos | * | * | Operating System |
| apple | macos | * | * | Operating System |
| apple | watchos | * | * | Operating System |
| stormshield | stormshield_network_security | * | * | Application |
| stormshield | stormshield_network_security | * | * | Application |
| stormshield | stormshield_network_security | * | * | Application |
| stormshield | stormshield_network_security | * | * | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* |
| Yes | cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| No | cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* |