Bug 2067945 (CVE-2018-25032)

Summary: CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
Product: [Other] Security Response
Reporter: Rohit Keshri <rkeshri>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: agawand, chorn, code, csutherl, databases-maint, erik-fedora, fedora, gzaronik, hobbes1069, jaromir.capik, jchaloup, jclere, jwon, krathod, kyoshida, ljavorsk, luhliari, marcandre.lureau, mdean, michal.skrivanek, mmuzila, mperina, mruprich, mturk, nobody, odubaj, panovotn, pjindal, pkubat, praiskup, rdey, rh-spice-bugs, rjones, sbonazzo, security-response-team, sfroberg, shchan, ssorce, szappis, trathi, virt-maint, zmiklank
Target Milestone: ---
Keywords: Reopened, Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: zlib 1.2.12
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds access flaw was found in zlib that allows memory corruption when deflating (i.e. when compressing) input containing many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed (deflated) data is written can overwrite the distance symbol table that it overlays. The result is corrupted output containing invalid distances, which leads to out-of-bounds access, corrupting memory and potentially crashing the application.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2023-04-17 19:05:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2070867, 2068066, 2068368, 2068369, 2068370, 2068371, 2068372, 2068373, 2068374, 2068375, 2068376, 2068377, 2070868, 2071504, 2071505, 2071506, 2071507, 2071508, 2071509, 2071510, 2071511, 2071512, 2071513, 2071514, 2071515, 2072346, 2072347, 2072376, 2074783, 2074784, 2079230, 2163770, 2163771, 2163772
Bug Blocks: 2067946
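The Doc Text above describes a flaw in the compressor, and the "Fixed In Version" field gives zlib 1.2.12 as the first upstream release carrying the fix. The check a practitioner usually wants first is whether the zlib actually loaded at run time is at or past that release. The script below is an added example, not part of this Bugzilla entry or of zlib; it reads the run-time library version through Python's standard `zlib` module and compares it against the fixed version taken from this page. The `parse_version`, `has_upstream_fix` and `runtime_zlib_status` names are the example's own.

```python
"""Check whether the zlib linked into this Python process is at or past the
upstream release that fixes CVE-2018-25032 (zlib 1.2.12, per the bug's
"Fixed In Version" field).  Added example; not part of the Bugzilla entry."""
import re
import zlib

# First upstream release with the fix (value taken from the bug's
# "Fixed In Version" field).
FIXED_UPSTREAM = (1, 2, 12)


def parse_version(version: str) -> tuple:
    """Turn a zlib version string into a tuple of integers for comparison.

    zlib reports dotted numbers ("1.2.11", "1.2.13"), but packagers sometimes
    add a fourth component or a suffix ("1.2.11.1", "1.2.12-beta"); only the
    leading numeric components are compared.
    """
    m = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised zlib version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def has_upstream_fix(version: str, fixed: tuple = FIXED_UPSTREAM) -> bool:
    """True if `version` is >= the first upstream release with the fix.

    Tuple comparison copes with different lengths: (1, 3) > (1, 2, 12)
    because 3 > 2 decides before the third component is reached, and
    (1, 2, 11, 1) < (1, 2, 12) because 11 < 12.
    """
    return parse_version(version) >= fixed


def runtime_zlib_status() -> dict:
    """Report the compile-time and run-time zlib versions seen by this process.

    ZLIB_RUNTIME_VERSION is the shared library actually loaded, which is the
    one that matters; ZLIB_VERSION is only the header Python was built against.
    """
    runtime = zlib.ZLIB_RUNTIME_VERSION
    return {
        "built_against": zlib.ZLIB_VERSION,
        "runtime": runtime,
        "upstream_fix_present": has_upstream_fix(runtime),
    }


if __name__ == "__main__":
    status = runtime_zlib_status()
    for key, value in status.items():
        print(f"{key}: {value}")
    if not status["upstream_fix_present"]:
        print("runtime zlib is older than 1.2.12: check your distribution's "
              "errata for a backported fix before treating this as exposed")
```

The version number is only a first screen. As the errata list on this page shows, Red Hat shipped the fix for RHEL 6, 7 and 8 as backports to their existing zlib packages, so a run-time version below 1.2.12 on an enterprise distribution means "consult the package changelog or the RHSA", not "vulnerable"; conversely, a bundled or statically linked zlib inside an application is not covered by the system package at all and has to be checked separately.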

Description Rohit Keshri 2022-03-24 05:24:21 UTC
Greetings list, I was recently trying to track down a reproducible crash
in a compressor. Believe it or not, it really was a bug in
zlib-1.2.11 when compressing (not decompressing!) certain inputs.

I reported it upstream, but it turns out the issue has been public since
2018, but the patch never made it into a release. As far as I know,
nobody ever assigned it a CVE.

https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

As far as I can tell, no distros have picked this up.

Tavis.


-- 
 _o)            $ lynx lock.cmpxchg8b.com
 /\\  _o)  _o)  $ finger taviso
_\_V _( ) _( )  @taviso

Comment 2 Sandipan Roy 2022-03-24 11:43:28 UTC
Created zlib tracking bugs for this issue:

Affects: fedora-all [bug 2068066]

Comment 3 Sandipan Roy 2022-03-24 12:49:29 UTC
*** Bug 2068073 has been marked as a duplicate of this bug. ***

Comment 5 TEJ RATHI 2022-03-25 05:29:11 UTC
Created mingw-zlib tracking bugs for this issue:

Affects: fedora-all [bug 2068368]


Created rsync tracking bugs for this issue:

Affects: fedora-all [bug 2068369]

Comment 13 TEJ RATHI 2022-04-01 09:01:05 UTC
Created BackupPC-XS tracking bugs for this issue:

Affects: epel-all [bug 2070867]
Affects: fedora-all [bug 2070868]

Comment 18 TEJ RATHI 2022-04-26 11:31:34 UTC
The issue wasn't publicly labelled as a security vulnerability until 2022, but the fix has been public since 2018.

Comment 19 errata-xmlrpc 2022-04-26 17:11:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1591 https://access.redhat.com/errata/RHSA-2022:1591

Comment 21 errata-xmlrpc 2022-04-28 15:50:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1642 https://access.redhat.com/errata/RHSA-2022:1642

Comment 22 errata-xmlrpc 2022-05-02 07:28:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1661 https://access.redhat.com/errata/RHSA-2022:1661

Comment 23 errata-xmlrpc 2022-05-11 14:59:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:2197 https://access.redhat.com/errata/RHSA-2022:2197

Comment 24 errata-xmlrpc 2022-05-11 17:20:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:2192 https://access.redhat.com/errata/RHSA-2022:2192

Comment 25 errata-xmlrpc 2022-05-11 18:32:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:2214 https://access.redhat.com/errata/RHSA-2022:2214

Comment 26 errata-xmlrpc 2022-05-11 18:32:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:2214 https://access.redhat.com/errata/RHSA-2022:2214

Comment 27 errata-xmlrpc 2022-05-11 18:32:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:2198 https://access.redhat.com/errata/RHSA-2022:2198

Comment 28 errata-xmlrpc 2022-05-11 18:49:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:2201 https://access.redhat.com/errata/RHSA-2022:2201

Comment 29 errata-xmlrpc 2022-05-11 20:17:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:2213 https://access.redhat.com/errata/RHSA-2022:2213

Comment 31 errata-xmlrpc 2022-05-17 23:39:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4584 https://access.redhat.com/errata/RHSA-2022:4584

Comment 32 errata-xmlrpc 2022-05-18 01:16:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4592 https://access.redhat.com/errata/RHSA-2022:4592

Comment 38 errata-xmlrpc 2022-05-31 14:51:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4845 https://access.redhat.com/errata/RHSA-2022:4845

Comment 39 errata-xmlrpc 2022-06-03 13:48:39 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896

Comment 41 errata-xmlrpc 2022-06-30 07:31:45 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2022:5439 https://access.redhat.com/errata/RHSA-2022:5439

Comment 42 Product Security DevOps Team 2022-07-01 14:11:45 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-25032

Comment 43 errata-xmlrpc 2022-11-07 10:21:09 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144

Comment 44 errata-xmlrpc 2022-11-08 10:34:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7813 https://access.redhat.com/errata/RHSA-2022:7813

Comment 45 errata-xmlrpc 2022-11-15 11:10:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8420 https://access.redhat.com/errata/RHSA-2022:8420

Comment 47 errata-xmlrpc 2023-02-28 08:03:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2023:0943 https://access.redhat.com/errata/RHSA-2023:0943

Comment 48 errata-xmlrpc 2023-02-28 08:10:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support

Via RHSA-2023:0975 https://access.redhat.com/errata/RHSA-2023:0975

Comment 49 errata-xmlrpc 2023-02-28 08:10:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2023:0976 https://access.redhat.com/errata/RHSA-2023:0976

Comment 51 Product Security DevOps Team 2023-04-17 19:05:05 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-25032