CVE-2022-37434

ADVISORY - nist

Summary

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

EPSS Score⁠: 0.92678 (0.997)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-120⁠

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-787⁠

Out-of-bounds Write

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-787⁠

Out-of-bounds Write

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-119⁠

Improper Restriction of Operations within the Bounds of a Memory Buffer

Impacted images

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.