Bug 2116639 (CVE-2022-37434) - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-37434
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2116653 2116655 2116656 2116657 2116658 2116659 2116660 2116661 2116662 2116663 2116665 2116666 2116668 2116669 2116670 2116671 2116672 2116673 2137305 2165084
Blocks: 2115987
Reported: 2022-08-09 06:16 UTC by Sandipan Roy
Modified: 2023-09-26 20:49 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A security vulnerability was found in zlib. The flaw triggers a heap-based buffer over-read or overflow in the inflate() function in inflate.c via a large gzip header extra field. This flaw only affects applications that call inflateGetHeader.
Clone Of:
Environment:
Last Closed: 2022-12-10 19:03:05 UTC
Embargoed:




Links
System                   ID              Last Updated
Red Hat Product Errata   RHSA-2022:7106  2022-10-25 08:39:53 UTC
Red Hat Product Errata   RHSA-2022:7314  2022-11-02 14:30:34 UTC
Red Hat Product Errata   RHSA-2022:7793  2022-11-08 10:30:21 UTC
Red Hat Product Errata   RHSA-2022:8291  2022-11-15 10:51:26 UTC
Red Hat Product Errata   RHSA-2022:8841  2022-12-08 13:22:20 UTC
Red Hat Product Errata   RHSA-2023:1095  2023-03-07 09:54:34 UTC

Description Sandipan Roy 2022-08-09 06:16:04 UTC
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
https://github.com/ivd38/zlib_overflow
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
http://www.openwall.com/lists/oss-security/2022/08/05/2
https://github.com/curl/curl/issues/9271
http://www.openwall.com/lists/oss-security/2022/08/09/1
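The trigger in the description is a gzip header whose extra field is larger than the buffer the caller hands to inflateGetHeader (the gz_header extra/extra_max pair in zlib.h). The following stand-alone C example, added here and not taken from zlib or from this bug, scans an RFC 1952 header for the FEXTRA field and copies at most extra_max bytes of it, which is the bound a hardened header reader must apply; gz_scan_extra and gz_demo are hypothetical helpers written for this page, and the sample header gz_demo builds is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of scanning a gzip (RFC 1952) header for its FEXTRA field. */
typedef struct {
    int ok;             /* 1 if the header parsed, 0 on malformed/truncated input */
    unsigned extra_len; /* XLEN declared by the stream */
    unsigned stored;    /* bytes copied into extra[], never more than extra_max */
    int clamped;        /* 1 if extra_len > extra_max: the oversized-field case */
} gz_extra_result;

/* Hypothetical helper (not zlib code): read the 10-byte fixed header and, if
 * FLG.FEXTRA is set, copy at most extra_max bytes of the extra field into
 * extra[]. The clamp is what keeps a large XLEN from running past the
 * caller's buffer. */
gz_extra_result gz_scan_extra(const uint8_t *in, size_t in_len,
                              uint8_t *extra, unsigned extra_max)
{
    gz_extra_result r = {0, 0, 0, 0};
    if (in_len < 10 || in[0] != 0x1f || in[1] != 0x8b || in[2] != 8)
        return r;                                 /* not a gzip member */
    if (!(in[3] & 0x04)) { r.ok = 1; return r; }  /* no FEXTRA, nothing to copy */
    if (in_len < 12) return r;                    /* XLEN bytes missing */
    r.extra_len = in[10] | ((unsigned)in[11] << 8);
    if (in_len - 12 < r.extra_len) return r;      /* declared field truncated */
    r.clamped = r.extra_len > extra_max;
    r.stored = r.clamped ? extra_max : r.extra_len;
    if (extra && r.stored) memcpy(extra, in + 12, r.stored);
    r.ok = 1;
    return r;
}

/* Constructed sample: a gzip header with FEXTRA set and an XLEN of `xlen`,
 * scanned into a 64-byte buffer with the given extra_max. */
gz_extra_result gz_demo(unsigned xlen, unsigned extra_max)
{
    size_t len = 12 + xlen;
    uint8_t *hdr = calloc(len, 1);
    uint8_t extra[64];
    gz_extra_result r = {0, 0, 0, 0};
    if (!hdr || extra_max > sizeof extra) { free(hdr); return r; }
    hdr[0] = 0x1f; hdr[1] = 0x8b; hdr[2] = 8; hdr[3] = 0x04;  /* ID1 ID2 CM FLG */
    hdr[10] = xlen & 0xff; hdr[11] = (xlen >> 8) & 0xff;     /* XLEN, little-endian */
    memset(hdr + 12, 0xAA, xlen);                            /* filler extra bytes */
    r = gz_scan_extra(hdr, len, extra, extra_max);
    free(hdr);
    return r;
}
```

A 300-byte declared extra field scanned with extra_max of 64 reports clamped with only 64 bytes stored; an application that instead trusts extra_len when reading the buffer back is exactly the caller this CVE concerns.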

Comment 1 Sandipan Roy 2022-08-09 06:48:37 UTC
Created BackupPC-XS tracking bugs for this issue:

Affects: epel-7 [bug 2116653]
Affects: epel-8 [bug 2116655]
Affects: fedora-35 [bug 2116656]
Affects: fedora-36 [bug 2116660]


Created mingw-zlib tracking bugs for this issue:

Affects: fedora-35 [bug 2116657]
Affects: fedora-36 [bug 2116661]


Created rsync tracking bugs for this issue:

Affects: fedora-35 [bug 2116658]
Affects: fedora-36 [bug 2116662]


Created zlib tracking bugs for this issue:

Affects: fedora-35 [bug 2116659]
Affects: fedora-36 [bug 2116663]

Comment 9 Richard Shaw 2022-08-09 12:29:16 UTC
BackupPC upstream issue: https://github.com/backuppc/backuppc/issues/478

Comment 12 errata-xmlrpc 2022-10-25 08:39:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7106 https://access.redhat.com/errata/RHSA-2022:7106

Comment 14 errata-xmlrpc 2022-11-02 14:30:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:7314 https://access.redhat.com/errata/RHSA-2022:7314

Comment 15 errata-xmlrpc 2022-11-08 10:30:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7793 https://access.redhat.com/errata/RHSA-2022:7793

Comment 16 errata-xmlrpc 2022-11-15 10:51:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8291 https://access.redhat.com/errata/RHSA-2022:8291

Comment 17 errata-xmlrpc 2022-12-08 13:22:15 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841

Comment 18 Product Security DevOps Team 2022-12-10 19:03:01 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-37434

Comment 24 errata-xmlrpc 2023-03-07 09:54:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:1095 https://access.redhat.com/errata/RHSA-2023:1095

Comment 25 Red Hat Bugzilla 2023-09-18 04:44:15 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days.