Launchpad.net

CVE 2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Related bugs and status

CVE-2022-37434 (Candidate) is related to these bugs:

Bug #1988548: Missing fix for CVE-2022-37434 in zlib1g in focal and jammy

Summary				In	Importance	Status
	1988548	Missing fix for CVE-2022-37434 in zlib1g in focal and jammy		zlib (Ubuntu)	Undecided	Fix Released

Bug #1994108: Debian CVE-2022-37434 / CVE-2018-25032 : zlib: multiple CVEs

Summary				In	Importance	Status
	1994108	Debian CVE-2022-37434 / CVE-2018-25032 : zlib: multiple CVEs		StarlingX	Medium	Fix Released

Bug #1996629: CVE-2022-37434 zlib in Mysql Client

Summary				In	Importance	Status
	1996629	CVE-2022-37434 zlib in Mysql Client		mysql-defaults (Ubuntu)	Undecided	Won't Fix

Bug #2023529: Critical vulnerability CVE-2022-37434 in lxml introduced through zlib

Summary				In	Importance	Status
	2023529	Critical vulnerability CVE-2022-37434 in lxml introduced through zlib		lxml	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-37434

Related bugs and status

Related bugs

References