CVE-2018-25032

HIGH

zlib <1.2.12 - Memory Corruption

Title source: llm

Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Exploits (3)

nomisec STUB 1 stars

by Trinadh465 · poc

https://github.com/Trinadh465/external_zlib_4.4_CVE-2018-25032

View Code ZIP pw:eip

nomisec WORKING POC

by Trinadh465 · poc

https://github.com/Trinadh465/external_zlib_AOSP10_r33_CVE-2018-25032

View Code ZIP pw:eip

nomisec STUB

by Satheesh575555 · poc

https://github.com/Satheesh575555/external_zlib-1.2.7_CVE-2018-25032

View Code ZIP pw:eip

References (29)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/May/33

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/May/35

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2022/May/38

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/03/25/2

[Exploit, Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/03/26/1

[Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf

[Patch, Third Party Advisory] https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

[Patch, Third Party Advisory] https://github.com/madler/zlib/compare/v1.2.11...v1.2.12

[Issue Tracking, Patch, Third Party Advisory] https://github.com/madler/zlib/issues/605

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/

[Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/

[Third Party Advisory] https://security.gentoo.org/glsa/202210-42

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220526-0009/

... and 9 more

Scores

CVSS v3 7.5

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (37)

apple/macos 11.0 - 11.6.6

apple/mac_os_x 10.15.7 (14 CPE variants)

apple/mac_os_x 10.15 - 10.15.7

azul/zulu 6.45

azul/zulu 7.52

azul/zulu 8.60

azul/zulu 11.54

azul/zulu 13.46

azul/zulu 15.38

azul/zulu 17.32

... and 27 more

Published Mar 25, 2022

Tracked Since Feb 18, 2026