Bug 2067945 (CVE-2018-25032) - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
Summary: CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-25032
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 2068073 (view as bug list)
Depends On: 2070867 2068066 2068368 2068369 2068370 2068371 2068372 2068373 2068374 2068375 2068376 2068377 2070868 2071504 2071505 2071506 2071507 2071508 2071509 2071510 2071511 2071512 2071513 2071514 2071515 2072346 2072347 2072376 2074783 2074784 2079230 2163770 2163771 2163772
Blocks: 2067946
TreeView+ depends on / blocked
 
Reported: 2022-03-24 05:24 UTC by Rohit Keshri
Modified: 2023-12-07 15:25 UTC (History)
42 users (show)

Fixed In Version: zlib 1.2.12
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application.
Clone Of:
Environment:
Last Closed: 2023-04-17 19:05:10 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:1647 0 None None None 2022-04-29 19:26:38 UTC
Red Hat Product Errata RHBA-2022:1648 0 None None None 2022-04-29 19:35:49 UTC
Red Hat Product Errata RHBA-2022:1649 0 None None None 2022-05-02 01:04:23 UTC
Red Hat Product Errata RHBA-2022:1650 0 None None None 2022-05-02 01:03:43 UTC
Red Hat Product Errata RHBA-2022:1656 0 None None None 2022-05-02 01:38:32 UTC
Red Hat Product Errata RHBA-2022:1657 0 None None None 2022-05-02 01:45:56 UTC
Red Hat Product Errata RHBA-2022:1658 0 None None None 2022-05-02 01:55:06 UTC
Red Hat Product Errata RHBA-2022:1659 0 None None None 2022-05-02 02:05:04 UTC
Red Hat Product Errata RHBA-2022:1675 0 None None None 2022-05-02 18:13:51 UTC
Red Hat Product Errata RHBA-2022:1678 0 None None None 2022-05-03 07:02:32 UTC
Red Hat Product Errata RHBA-2022:1685 0 None None None 2022-05-04 00:50:05 UTC
Red Hat Product Errata RHBA-2022:1686 0 None None None 2022-05-04 08:11:36 UTC
Red Hat Product Errata RHBA-2022:1710 0 None None None 2022-05-04 13:17:07 UTC
Red Hat Product Errata RHBA-2022:1720 0 None None None 2022-05-05 15:04:44 UTC
Red Hat Product Errata RHBA-2022:1721 0 None None None 2022-05-05 12:34:15 UTC
Red Hat Product Errata RHBA-2022:1722 0 None None None 2022-05-05 12:34:35 UTC
Red Hat Product Errata RHBA-2022:1723 0 None None None 2022-05-05 12:20:57 UTC
Red Hat Product Errata RHBA-2022:1737 0 None None None 2022-05-05 16:32:54 UTC
Red Hat Product Errata RHBA-2022:1743 0 None None None 2022-05-06 17:38:28 UTC
Red Hat Product Errata RHBA-2022:1744 0 None None None 2022-05-09 01:07:40 UTC
Red Hat Product Errata RHBA-2022:1746 0 None None None 2022-05-09 08:16:30 UTC
Red Hat Product Errata RHBA-2022:1753 0 None None None 2022-05-09 14:50:53 UTC
Red Hat Product Errata RHBA-2022:2227 0 None None None 2022-05-12 05:58:20 UTC
Red Hat Product Errata RHBA-2022:2228 0 None None None 2022-05-12 05:59:52 UTC
Red Hat Product Errata RHBA-2022:2239 0 None None None 2022-05-16 13:53:34 UTC
Red Hat Product Errata RHBA-2022:2242 0 None None None 2022-05-12 17:37:44 UTC
Red Hat Product Errata RHBA-2022:2243 0 None None None 2022-05-12 17:40:14 UTC
Red Hat Product Errata RHBA-2022:2244 0 None None None 2022-05-12 17:41:32 UTC
Red Hat Product Errata RHBA-2022:2245 0 None None None 2022-05-12 17:42:57 UTC
Red Hat Product Errata RHBA-2022:2246 0 None None None 2022-05-12 17:43:48 UTC
Red Hat Product Errata RHBA-2022:2247 0 None None None 2022-05-12 18:26:33 UTC
Red Hat Product Errata RHBA-2022:2275 0 None None None 2022-05-16 11:45:24 UTC
Red Hat Product Errata RHBA-2022:2277 0 None None None 2022-05-16 13:47:47 UTC
Red Hat Product Errata RHBA-2022:2279 0 None None None 2022-05-16 16:20:58 UTC
Red Hat Product Errata RHBA-2022:3736 0 None None None 2022-05-17 10:33:34 UTC
Red Hat Product Errata RHBA-2022:4624 0 None None None 2022-05-18 11:58:08 UTC
Red Hat Product Errata RHBA-2022:4625 0 None None None 2022-05-18 10:48:12 UTC
Red Hat Product Errata RHBA-2022:4626 0 None None None 2022-05-18 10:48:18 UTC
Red Hat Product Errata RHBA-2022:4627 0 None None None 2022-05-18 10:53:56 UTC
Red Hat Product Errata RHBA-2022:4629 0 None None None 2022-05-18 11:10:15 UTC
Red Hat Product Errata RHBA-2022:4637 0 None None None 2022-05-18 11:57:41 UTC
Red Hat Product Errata RHBA-2022:4662 0 None None None 2022-05-18 15:29:44 UTC
Red Hat Product Errata RHBA-2022:4663 0 None Closed Using the Curl method to Register Hosts Leaves them in Build Mode 2022-06-20 15:24:00 UTC
Red Hat Product Errata RHBA-2022:4666 0 None None None 2022-05-18 19:37:23 UTC
Red Hat Product Errata RHBA-2022:4670 0 None None None 2022-05-18 22:37:16 UTC
Red Hat Product Errata RHBA-2022:4694 0 None None None 2022-05-23 07:14:30 UTC
Red Hat Product Errata RHBA-2022:4695 0 None None None 2022-05-23 08:18:22 UTC
Red Hat Product Errata RHBA-2022:4701 0 None None None 2022-05-23 11:14:22 UTC
Red Hat Product Errata RHBA-2022:4702 0 None None None 2022-05-23 12:21:09 UTC
Red Hat Product Errata RHBA-2022:4706 0 None None None 2022-05-23 17:09:18 UTC
Red Hat Product Errata RHBA-2022:4707 0 None None None 2022-05-23 14:10:00 UTC
Red Hat Product Errata RHBA-2022:4714 0 None Waiting on Red Hat Minor bug in RHCS5 documentation 2022-06-15 07:15:32 UTC
Red Hat Product Errata RHBA-2022:4715 0 None None None 2022-05-24 05:00:39 UTC
Red Hat Product Errata RHBA-2022:4716 0 None None None 2022-05-24 06:58:24 UTC
Red Hat Product Errata RHBA-2022:4746 0 None None None 2022-05-25 13:02:35 UTC
Red Hat Product Errata RHBA-2022:4760 0 None None None 2022-05-26 09:48:59 UTC
Red Hat Product Errata RHBA-2022:4763 0 None None None 2022-05-27 11:06:20 UTC
Red Hat Product Errata RHBA-2022:4777 0 None None None 2022-05-26 17:58:35 UTC
Red Hat Product Errata RHBA-2022:4778 0 None None None 2022-05-26 18:11:07 UTC
Red Hat Product Errata RHBA-2022:4779 0 None None None 2022-05-26 19:09:54 UTC
Red Hat Product Errata RHBA-2022:4794 0 None None None 2022-05-30 01:16:47 UTC
Red Hat Product Errata RHBA-2022:4842 0 None None None 2022-05-31 12:43:40 UTC
Red Hat Product Errata RHBA-2022:4858 0 None None None 2022-06-01 10:57:13 UTC
Red Hat Product Errata RHBA-2022:4877 0 None None None 2022-06-01 19:03:02 UTC
Red Hat Product Errata RHBA-2022:4885 0 None None None 2022-06-02 07:24:23 UTC
Red Hat Product Errata RHBA-2022:4886 0 None None None 2022-06-02 10:06:52 UTC
Red Hat Product Errata RHBA-2022:4928 0 None None None 2022-06-07 11:52:28 UTC
Red Hat Product Errata RHBA-2022:4934 0 None None None 2022-06-07 15:11:30 UTC
Red Hat Product Errata RHBA-2022:4935 0 None None None 2022-06-07 16:31:46 UTC
Red Hat Product Errata RHBA-2022:4936 0 None None None 2022-06-07 15:02:58 UTC
Red Hat Product Errata RHBA-2022:5044 0 None None None 2022-06-15 04:48:59 UTC
Red Hat Product Errata RHBA-2022:5092 0 None None None 2022-06-16 12:47:02 UTC
Red Hat Product Errata RHBA-2022:5540 0 None None None 2022-07-11 06:48:23 UTC
Red Hat Product Errata RHBA-2022:5546 0 None None None 2022-07-11 15:46:58 UTC
Red Hat Product Errata RHSA-2022:1591 0 None None None 2022-04-26 17:11:57 UTC
Red Hat Product Errata RHSA-2022:1642 0 None None None 2022-04-28 15:50:49 UTC
Red Hat Product Errata RHSA-2022:1661 0 None None None 2022-05-02 07:28:44 UTC
Red Hat Product Errata RHSA-2022:2192 0 None None None 2022-05-11 17:20:44 UTC
Red Hat Product Errata RHSA-2022:2197 0 None None None 2022-05-11 14:59:13 UTC
Red Hat Product Errata RHSA-2022:2198 0 None None None 2022-05-11 18:32:50 UTC
Red Hat Product Errata RHSA-2022:2201 0 None None None 2022-05-11 18:49:21 UTC
Red Hat Product Errata RHSA-2022:2213 0 None None None 2022-05-11 20:17:06 UTC
Red Hat Product Errata RHSA-2022:2214 0 None None None 2022-05-11 18:32:29 UTC
Red Hat Product Errata RHSA-2022:4584 0 None None None 2022-05-17 23:39:46 UTC
Red Hat Product Errata RHSA-2022:4592 0 None None None 2022-05-18 01:16:52 UTC
Red Hat Product Errata RHSA-2022:4845 0 None None None 2022-05-31 14:51:46 UTC
Red Hat Product Errata RHSA-2022:4896 0 None None None 2022-06-03 13:48:42 UTC
Red Hat Product Errata RHSA-2022:5439 0 None None None 2022-06-30 07:31:48 UTC
Red Hat Product Errata RHSA-2022:7144 0 None None None 2022-11-07 10:21:13 UTC
Red Hat Product Errata RHSA-2022:7813 0 None None None 2022-11-08 10:34:59 UTC
Red Hat Product Errata RHSA-2022:8420 0 None None None 2022-11-15 11:10:20 UTC
Red Hat Product Errata RHSA-2023:0943 0 None None None 2023-02-28 08:03:32 UTC
Red Hat Product Errata RHSA-2023:0975 0 None None None 2023-02-28 08:10:41 UTC
Red Hat Product Errata RHSA-2023:0976 0 None None None 2023-02-28 08:10:58 UTC

Description Rohit Keshri 2022-03-24 05:24:21 UTC 
Greetings list, I was recently trying to track down a reproducible crash
in a compressor. Believe it or not, it really was a bug in
zlib-1.2.11 when compressing (not decompressing!) certain inputs.

I reported it upstream, but it turns out the issue has been public since
2018, but the patch never made it into a release. As far as I know,
nobody ever assigned it a CVE.

https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

As far as I can tell, no distros have picked this up.

Tavis.


-- 
 _o)            $ lynx lock.cmpxchg8b.com
 /\\  _o)  _o)  $ finger taviso
_\_V _( ) _( )  @taviso
Comment 2 Sandipan Roy 2022-03-24 11:43:28 UTC 
Created zlib tracking bugs for this issue:

Affects: fedora-all [bug 2068066]
Comment 3 Sandipan Roy 2022-03-24 12:49:29 UTC 
*** Bug 2068073 has been marked as a duplicate of this bug. ***
Comment 5 TEJ RATHI 2022-03-25 05:29:11 UTC 
Created mingw-zlib tracking bugs for this issue:

Affects: fedora-all [bug 2068368]


Created rsync tracking bugs for this issue:

Affects: fedora-all [bug 2068369]
Comment 13 TEJ RATHI 2022-04-01 09:01:05 UTC 
Created BackupPC-XS tracking bugs for this issue:

Affects: epel-all [bug 2070867]
Affects: fedora-all [bug 2070868]
Comment 18 TEJ RATHI 2022-04-26 11:31:34 UTC 
The issue wasn't publicly labelled as security vulnerability until 2022, but the fix was public since 2018.
Comment 19 errata-xmlrpc 2022-04-26 17:11:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1591 https://access.redhat.com/errata/RHSA-2022:1591
Comment 21 errata-xmlrpc 2022-04-28 15:50:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1642 https://access.redhat.com/errata/RHSA-2022:1642
Comment 22 errata-xmlrpc 2022-05-02 07:28:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1661 https://access.redhat.com/errata/RHSA-2022:1661
Comment 23 errata-xmlrpc 2022-05-11 14:59:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:2197 https://access.redhat.com/errata/RHSA-2022:2197
Comment 24 errata-xmlrpc 2022-05-11 17:20:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:2192 https://access.redhat.com/errata/RHSA-2022:2192
Comment 25 errata-xmlrpc 2022-05-11 18:32:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:2214 https://access.redhat.com/errata/RHSA-2022:2214
Comment 26 errata-xmlrpc 2022-05-11 18:32:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:2214 https://access.redhat.com/errata/RHSA-2022:2214
Comment 27 errata-xmlrpc 2022-05-11 18:32:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:2198 https://access.redhat.com/errata/RHSA-2022:2198
Comment 28 errata-xmlrpc 2022-05-11 18:49:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:2201 https://access.redhat.com/errata/RHSA-2022:2201
Comment 29 errata-xmlrpc 2022-05-11 20:17:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:2213 https://access.redhat.com/errata/RHSA-2022:2213
Comment 31 errata-xmlrpc 2022-05-17 23:39:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4584 https://access.redhat.com/errata/RHSA-2022:4584
Comment 32 errata-xmlrpc 2022-05-18 01:16:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4592 https://access.redhat.com/errata/RHSA-2022:4592
Comment 38 errata-xmlrpc 2022-05-31 14:51:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4845 https://access.redhat.com/errata/RHSA-2022:4845
Comment 39 errata-xmlrpc 2022-06-03 13:48:39 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896
Comment 41 errata-xmlrpc 2022-06-30 07:31:45 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2022:5439 https://access.redhat.com/errata/RHSA-2022:5439
Comment 42 Product Security DevOps Team 2022-07-01 14:11:45 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-25032
Comment 43 errata-xmlrpc 2022-11-07 10:21:09 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144
Comment 44 errata-xmlrpc 2022-11-08 10:34:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7813 https://access.redhat.com/errata/RHSA-2022:7813
Comment 45 errata-xmlrpc 2022-11-15 11:10:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:8420 https://access.redhat.com/errata/RHSA-2022:8420
Comment 47 errata-xmlrpc 2023-02-28 08:03:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2023:0943 https://access.redhat.com/errata/RHSA-2023:0943
Comment 48 errata-xmlrpc 2023-02-28 08:10:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support

Via RHSA-2023:0975 https://access.redhat.com/errata/RHSA-2023:0975
Comment 49 errata-xmlrpc 2023-02-28 08:10:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2023:0976 https://access.redhat.com/errata/RHSA-2023:0976
Comment 51 Product Security DevOps Team 2023-04-17 19:05:05 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-25032
Note You need to log in before you can comment on or make changes to this bug.