MNBSD-2022-15: zlib heap buffer over-read/overflow in inflate() via large gzip header extra field

Severity: Unknown

Affected Package: zlib

Summary: zlib heap buffer over-read/overflow in inflate() via large gzip header extra field

Description

zlib through 1.2.12 had a heap-based buffer over-read or buffer overflow in inflate() in inflate.c via a large gzip header extra field. Applications that use inflateGetHeader() to process untrusted gzip data with a large extra field could be affected. This is fixed on the current branch in 2.2.4 and on the older 1.2.x branch in 1.2.11.
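The following C check is an added example, not code from zlib or from this advisory. It reads the gzip member header as laid out in RFC 1952 and reports the declared extra field length (XLEN), so a caller can compare it with the buffer size it passes to inflateGetHeader() in gz_header.extra_max. The helper names gz_extra_len and gz_extra_exceeds are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GZ_FEXTRA 0x04 /* FLG bit 2: extra field present (RFC 1952) */

/* Constructed sample headers (not taken from any real file). */
static const uint8_t SAMPLE_PLAIN[] = {0x1f, 0x8b, 8, 0, 0, 0, 0, 0, 0, 3};
static const uint8_t SAMPLE_BIG[] = {0x1f, 0x8b, 8, GZ_FEXTRA, 0, 0, 0, 0,
                                     0, 3, 0xff, 0xff};

/* Hypothetical helper. Returns XLEN (1..65535) when the buffer starts with a
 * gzip member header that declares an extra field, 0 when no extra field is
 * declared (or XLEN is 0), and -1 when the bytes are not a gzip/deflate
 * header or the buffer ends before XLEN can be read. */
long gz_extra_len(const uint8_t *buf, size_t n)
{
    if (n < 10) return -1;                           /* fixed header: 10 bytes */
    if (buf[0] != 0x1f || buf[1] != 0x8b) return -1; /* ID1, ID2 magic */
    if (buf[2] != 8) return -1;                      /* CM 8 = deflate */
    if (!(buf[3] & GZ_FEXTRA)) return 0;
    if (n < 12) return -1;                           /* XLEN not in buffer */
    return (long)buf[10] | ((long)buf[11] << 8);     /* little-endian XLEN */
}

/* Returns 1 when the declared extra field is larger than the buffer the
 * caller would hand to inflateGetHeader() as gz_header.extra / extra_max. */
int gz_extra_exceeds(const uint8_t *buf, size_t n, unsigned long extra_max)
{
    long xlen = gz_extra_len(buf, n);
    return xlen > 0 && (unsigned long)xlen > extra_max;
}

int main(void)
{
    printf("plain: xlen=%ld exceeds(1024)=%d\n",
           gz_extra_len(SAMPLE_PLAIN, sizeof SAMPLE_PLAIN),
           gz_extra_exceeds(SAMPLE_PLAIN, sizeof SAMPLE_PLAIN, 1024));
    printf("big:   xlen=%ld exceeds(1024)=%d\n",
           gz_extra_len(SAMPLE_BIG, sizeof SAMPLE_BIG),
           gz_extra_exceeds(SAMPLE_BIG, sizeof SAMPLE_BIG, 1024));
    return 0;
}
```

A large XLEN is valid gzip, so the result is a triage signal for streams that reach an unpatched zlib through inflateGetHeader(), not a verdict on the file.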

Affected Versions

zlib

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2022-37434

Published: August 30, 2022
Last Modified: August 30, 2022