Zurück zur CVE-Übersicht
CVE-2018-25032
HIGH(7.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Risk Signal Score34/100 — MITTEL
- CVSS 7.5 — Hoch
- EPSS 52%
EPSS-Score
52%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.5
Technische Schwere
Beschreibung
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Referenzen
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- http://www.openwall.com/lists/oss-security/2022/03/25/2
- http://www.openwall.com/lists/oss-security/2022/03/26/1
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
- https://github.com/madler/zlib/issues/605
- https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html