Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-v6gp-9mmm-c6p5
Vulnerability from github
Published
2022-04-11 21:21
Modified
2022-04-11 21:21
Severity ?
Summary
Out-of-bounds Write in zlib affects Nokogiri
Details
Summary
Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses CVE-2018-25032. That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05.
Please note that this advisory only applies to the CRuby implementation of Nokogiri < 1.13.4
, and only if the packaged version of zlib
is being used. Please see this document for a complete description of which platform gems vendor zlib
. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's zlib
release announcements.
Mitigation
Upgrade to Nokogiri >= v1.13.4
.
Impact
CVE-2018-25032 in zlib
- Severity: High
- Type: CWE-787 Out of bounds write
- Description: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
{ "affected": [ { "package": { "ecosystem": "RubyGems", "name": "nokogiri" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.13.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": true, "github_reviewed_at": "2022-04-11T21:21:28Z", "nvd_published_at": null, "severity": "HIGH" }, "details": "## Summary\n\nNokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032). That CVE is scored as CVSS 7.4 \"High\" on the NVD record as of 2022-04-05.\n\nPlease note that this advisory only applies to the CRuby implementation of Nokogiri `\u003c 1.13.4`, and only if the packaged version of `zlib` is being used. Please see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby) for a complete description of which platform gems vendor `zlib`. If you\u0027ve overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro\u0027s `zlib` release announcements. \n\n## Mitigation\n\nUpgrade to Nokogiri `\u003e= v1.13.4`.\n\n## Impact\n\n### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib\n\n- **Severity**: High\n- **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html) Out of bounds write\n- **Description**: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.\n\n", "id": "GHSA-v6gp-9mmm-c6p5", "modified": "2022-04-11T21:21:28Z", "published": "2022-04-11T21:21:28Z", "references": [ { "type": "WEB", "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-jc36-42cf-vqwj" }, { "type": "PACKAGE", "url": "https://github.com/sparklemotion/nokogiri" }, { "type": "WEB", "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" }, { "type": "WEB", "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email\u0026utm_source=footer" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Out-of-bounds Write in zlib affects Nokogiri" }
gsd-2018-25032
Vulnerability from gsd
Modified
2022-04-11 00:00
Details
## Summary
Nokogiri v1.13.4 updates the vendored zlib from 1.2.11
to 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032).
That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05.
Please note that this advisory only applies to the CRuby implementation of
Nokogiri `< 1.13.4`, and only if the packaged version of `zlib` is being used.
Please see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby)
for a complete description of which platform gems vendor `zlib`. If you've
overridden defaults at installation time to use system libraries instead of
packaged libraries, you should instead pay attention to your distro's `zlib`
release announcements.
## Mitigation
Upgrade to Nokogiri `>= v1.13.4`.
## Impact
### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib
- **Severity**: High
- **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html)
Out of bounds write
- **Description**: zlib before 1.2.12 allows memory corruption when
deflating (i.e., when compressing) if the input has many distant matches.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2018-25032", "description": "zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "id": "GSD-2018-25032", "references": [ "https://security.archlinux.org/CVE-2018-25032", "https://www.debian.org/security/2022/dsa-5111", "https://advisories.mageia.org/CVE-2018-25032.html", "https://www.suse.com/security/cve/CVE-2018-25032.html", "https://ubuntu.com/security/CVE-2018-25032", "https://access.redhat.com/errata/RHSA-2022:1591", "https://access.redhat.com/errata/RHSA-2022:1642", "https://linux.oracle.com/cve/CVE-2018-25032.html", "https://access.redhat.com/errata/RHSA-2022:1661", "https://access.redhat.com/errata/RHSA-2022:2192", "https://access.redhat.com/errata/RHSA-2022:2197", "https://access.redhat.com/errata/RHSA-2022:2198", "https://access.redhat.com/errata/RHSA-2022:2201", "https://access.redhat.com/errata/RHSA-2022:2213", "https://access.redhat.com/errata/RHSA-2022:2214", "https://access.redhat.com/errata/RHSA-2022:4584", "https://access.redhat.com/errata/RHSA-2022:4592", "https://access.redhat.com/errata/RHSA-2022:4845", "https://access.redhat.com/errata/RHSA-2022:4896", "https://access.redhat.com/errata/RHSA-2022:5439", "https://alas.aws.amazon.com/cve/html/CVE-2018-25032.html", "https://access.redhat.com/errata/RHSA-2022:7144", "https://access.redhat.com/errata/RHSA-2022:7813", "https://access.redhat.com/errata/RHSA-2022:8420", "https://access.redhat.com/errata/RHSA-2023:0943", "https://access.redhat.com/errata/RHSA-2023:0975", "https://access.redhat.com/errata/RHSA-2023:0976" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "affected": [ { "package": { "ecosystem": "RubyGems", "name": "nokogiri", "purl": "pkg:gem/nokogiri" } } ], "aliases": [ "CVE-2018-25032", "GHSA-v6gp-9mmm-c6p5" ], "details": "## Summary\n\nNokogiri v1.13.4 updates the vendored zlib from 1.2.11\nto 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032).\nThat CVE is scored as CVSS 7.4 \"High\" on the NVD record as of 2022-04-05.\n\nPlease note that this advisory only applies to the CRuby implementation of\nNokogiri `\u003c 1.13.4`, and only if the packaged version of `zlib` is being used.\nPlease see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby)\nfor a complete description of which platform gems vendor `zlib`. If you\u0027ve\noverridden defaults at installation time to use system libraries instead of\npackaged libraries, you should instead pay attention to your distro\u0027s `zlib`\nrelease announcements.\n\n## Mitigation\n\nUpgrade to Nokogiri `\u003e= v1.13.4`.\n\n## Impact\n\n### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib\n\n- **Severity**: High\n- **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html)\n Out of bounds write\n- **Description**: zlib before 1.2.12 allows memory corruption when\n deflating (i.e., when compressing) if the input has many distant matches.\n", "id": "GSD-2018-25032", "modified": "2022-04-11T00:00:00.000Z", "published": "2022-04-11T00:00:00.000Z", "references": [ { "type": "WEB", "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" }, { "type": "WEB", "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" }, { "type": "WEB", "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" } ], "related": [ "GHSA-jc36-42cf-vqwj" ], "schema_version": "1.4.0", "severity": [ { "score": 7.5, "type": "CVSS_V3" } ], "summary": "Out-of-bounds Write in zlib affects Nokogiri" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-25032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2022/03/24/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" }, { "name": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", "refsource": "MISC", "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" }, { "name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" }, { "name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" }, { "name": "DSA-5111", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5111" }, { "name": "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" }, { "name": "FEDORA-2022-413a80a102", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" }, { "name": "FEDORA-2022-dbd2935e44", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" }, { "name": "FEDORA-2022-12b89e2aad", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" }, { "name": "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "FEDORA-2022-61cf1c64f6", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://www.openwall.com/lists/oss-security/2022/03/28/3", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" }, { "name": "https://www.openwall.com/lists/oss-security/2022/03/28/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" }, { "name": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", "refsource": "CONFIRM", "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" }, { "name": "https://github.com/madler/zlib/issues/605", "refsource": "MISC", "url": "https://github.com/madler/zlib/issues/605" }, { "name": "https://support.apple.com/kb/HT213257", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213257" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT213255" }, { "name": "https://security.netapp.com/advisory/ntap-20220526-0009/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-3a92250fd5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/" }, { "name": "FEDORA-2022-b58a85e167", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/" }, { "name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html" }, { "name": "GLSA-202210-42", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202210-42" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" } ] } }, "github.com/rubysec/ruby-advisory-db": { "cve": "2018-25032", "cvss_v3": 7.5, "date": "2022-04-11", "description": "## Summary\n\nNokogiri v1.13.4 updates the vendored zlib from 1.2.11\nto 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032).\nThat CVE is scored as CVSS 7.4 \"High\" on the NVD record as of 2022-04-05.\n\nPlease note that this advisory only applies to the CRuby implementation of\nNokogiri `\u003c 1.13.4`, and only if the packaged version of `zlib` is being used.\nPlease see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby)\nfor a complete description of which platform gems vendor `zlib`. If you\u0027ve\noverridden defaults at installation time to use system libraries instead of\npackaged libraries, you should instead pay attention to your distro\u0027s `zlib`\nrelease announcements.\n\n## Mitigation\n\nUpgrade to Nokogiri `\u003e= v1.13.4`.\n\n## Impact\n\n### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib\n\n- **Severity**: High\n- **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html)\n Out of bounds write\n- **Description**: zlib before 1.2.12 allows memory corruption when\n deflating (i.e., when compressing) if the input has many distant matches.\n", "gem": "nokogiri", "ghsa": "v6gp-9mmm-c6p5", "patched_versions": [ "\u003e= 1.13.4" ], "related": { "ghsa": [ "jc36-42cf-vqwj" ], "url": [ "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4", "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" ] }, "title": "Out-of-bounds Write in zlib affects Nokogiri", "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c1.13.4", "affected_versions": "All versions before 1.13.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-787", "CWE-937" ], "date": "2023-06-27", "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", "fixed_versions": [ "1.13.4" ], "identifier": "CVE-2018-25032", "identifiers": [ "GHSA-jc36-42cf-vqwj", "CVE-2018-25032" ], "not_impacted": "All versions starting from 1.13.4", "package_slug": "gem/nokogiri", "pubdate": "2022-03-26", "solution": "Upgrade to version 1.13.4 or above.", "title": "Out-of-bounds Write", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-25032", "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", "https://www.openwall.com/lists/oss-security/2022/03/24/1", "http://www.openwall.com/lists/oss-security/2022/03/25/2", "http://www.openwall.com/lists/oss-security/2022/03/26/1", "https://github.com/madler/zlib/issues/605", "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", "https://www.openwall.com/lists/oss-security/2022/03/28/1", "https://www.openwall.com/lists/oss-security/2022/03/28/3", "https://www.debian.org/security/2022/dsa-5111", "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", "https://support.apple.com/kb/HT213255", "https://support.apple.com/kb/HT213256", "https://support.apple.com/kb/HT213257", "http://seclists.org/fulldisclosure/2022/May/33", "http://seclists.org/fulldisclosure/2022/May/35", "http://seclists.org/fulldisclosure/2022/May/38", "https://security.netapp.com/advisory/ntap-20220526-0009/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://security.netapp.com/advisory/ntap-20220729-0004/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", "https://security.gentoo.org/glsa/202210-42", "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml", "https://github.com/advisories/GHSA-jc36-42cf-vqwj" ], "uuid": "af1fb0bc-1ec4-4532-a61e-3c310ceef3ed" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.12", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.15.7", "versionStartIncluding": "10.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.6.6", "versionStartIncluding": "11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.4", "versionStartIncluding": "12.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10.5", "versionStartIncluding": "3.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.9.13", "versionStartIncluding": "3.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.7.14", "versionStartIncluding": "3.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.8.14", "versionStartIncluding": "3.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.3.36", "versionStartIncluding": "10.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.4.26", "versionStartIncluding": "10.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.5.17", "versionStartIncluding": "10.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.6.9", "versionStartIncluding": "10.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.7.5", "versionStartIncluding": "10.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.8.4", "versionStartIncluding": "10.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.9.2", "versionStartIncluding": "10.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.70.2", "versionStartIncluding": "11.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:goto:gotoassist:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.9.18", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-25032" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2022/03/24/1", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" }, { "name": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" }, { "name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" }, { "name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", "refsource": "MLIST", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" }, { "name": "https://www.openwall.com/lists/oss-security/2022/03/28/1", "refsource": "MISC", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" }, { "name": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", "refsource": "CONFIRM", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" }, { "name": "https://www.openwall.com/lists/oss-security/2022/03/28/3", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" }, { "name": "https://github.com/madler/zlib/issues/605", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/madler/zlib/issues/605" }, { "name": "DSA-5111", "refsource": "DEBIAN", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5111" }, { "name": "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" }, { "name": "FEDORA-2022-413a80a102", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" }, { "name": "FEDORA-2022-dbd2935e44", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" }, { "name": "FEDORA-2022-12b89e2aad", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" }, { "name": "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" }, { "name": "https://support.apple.com/kb/HT213255", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213255" }, { "name": "https://support.apple.com/kb/HT213256", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213256" }, { "name": "https://support.apple.com/kb/HT213257", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213257" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "refsource": "FULLDISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "refsource": "FULLDISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "refsource": "FULLDISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "https://security.netapp.com/advisory/ntap-20220526-0009/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" }, { "name": "FEDORA-2022-61cf1c64f6", "refsource": "FEDORA", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0004/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-3a92250fd5", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/" }, { "name": "FEDORA-2022-b58a85e167", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/" }, { "name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html" }, { "name": "GLSA-202210-42", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202210-42" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-08-04T18:48Z", "publishedDate": "2022-03-25T09:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.