CVE-2018-25032

Source
https://cve.org/CVERecord?id=CVE-2018-25032
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25032.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-25032
Published
2022-03-25T09:15:08.187Z
Modified
2026-06-26T04:04:30.073088961Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "10.15"
                },
                {
                    "fixed": "10.15.7"
                }
            ],
            "vendor_product": "apple:mac_os_x"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "11.0"
                },
                {
                    "fixed": "11.6.6"
                },
                {
                    "introduced": "12.0.0"
                },
                {
                    "fixed": "12.4"
                }
            ],
            "vendor_product": "apple:macos"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:goto:gotoassist:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "11.9.18"
                }
            ],
            "vendor_product": "goto:gotoassist"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "10.7.0"
                },
                {
                    "fixed": "10.7.5"
                }
            ],
            "vendor_product": "mariadb:mariadb"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "11.0.0"
                },
                {
                    "last_affected": "11.70.2"
                }
            ],
            "vendor_product": "netapp:e-series_santricity_os_controller"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "3.0"
                }
            ],
            "vendor_product": "siemens:scalance_sc622-2c_firmware"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "3.0"
                }
            ],
            "vendor_product": "siemens:scalance_sc626-2c_firmware"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "3.0"
                }
            ],
            "vendor_product": "siemens:scalance_sc632-2c_firmware"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "3.0"
                }
            ],
            "vendor_product": "siemens:scalance_sc636-2c_firmware"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "3.0"
                }
            ],
            "vendor_product": "siemens:scalance_sc642-2c_firmware"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "3.0"
                }
            ],
            "vendor_product": "siemens:scalance_sc646-2c_firmware"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
                "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "10.15.7-NA"
                },
                {
                    "last_affected": "10.15.7-security_update_2020"
                },
                {
                    "last_affected": "10.15.7-security_update_2020\\-001"
                },
                {
                    "last_affected": "10.15.7-security_update_2020\\-005"
                },
                {
                    "last_affected": "10.15.7-security_update_2020\\-007"
                },
                {
                    "last_affected": "10.15.7-security_update_2021\\-001"
                },
                {
                    "last_affected": "10.15.7-security_update_2021\\-002"
                },
                {
                    "last_affected": "10.15.7-security_update_2021\\-003"
                },
                {
                    "last_affected": "10.15.7-security_update_2021\\-006"
                },
                {
                    "last_affected": "10.15.7-security_update_2021\\-007"
                },
                {
                    "last_affected": "10.15.7-security_update_2021\\-008"
                },
                {
                    "last_affected": "10.15.7-security_update_2022\\-001"
                },
                {
                    "last_affected": "10.15.7-security_update_2022\\-002"
                },
                {
                    "last_affected": "10.15.7-security_update_2022\\-003"
                }
            ],
            "vendor_product": "apple:mac_os_x"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
                "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
                "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
                "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
                "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
                "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
                "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.45"
                },
                {
                    "last_affected": "7.52"
                },
                {
                    "last_affected": "8.60"
                },
                {
                    "last_affected": "11.54"
                },
                {
                    "last_affected": "13.46"
                },
                {
                    "last_affected": "15.38"
                },
                {
                    "last_affected": "17.32"
                }
            ],
            "vendor_product": "azul:zulu"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "9.0"
                },
                {
                    "last_affected": "10.0"
                },
                {
                    "last_affected": "11.0"
                }
            ],
            "vendor_product": "debian:debian_linux"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "34"
                },
                {
                    "last_affected": "35"
                },
                {
                    "last_affected": "36"
                }
            ],
            "vendor_product": "fedoraproject:fedora"
        }
    ]
}

Affected packages

Git
github.com/madler/zlib

Affected ranges

Type
GIT
Repo
https://github.com/madler/zlib
Events
Database specific
{
    "cpe": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.2.2.2"
        },
        {
            "fixed": "1.2.12"
        }
    ]
}

Affected versions

v1.*
v1.2.10
v1.2.11
v1.2.2.2
v1.2.2.3
v1.2.2.4
v1.2.3
v1.2.3.1
v1.2.3.2
v1.2.3.3
v1.2.3.4
v1.2.3.5
v1.2.3.6
v1.2.3.7
v1.2.3.8
v1.2.3.9
v1.2.4
v1.2.4-pre1
v1.2.4-pre2
v1.2.4.1
v1.2.4.2
v1.2.4.3
v1.2.4.4
v1.2.4.5
v1.2.5
v1.2.5.1
v1.2.5.2
v1.2.5.3
v1.2.6
v1.2.6.1
v1.2.7
v1.2.7.1
v1.2.7.2
v1.2.7.3
v1.2.8
v1.2.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25032.json"

github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events
Database specific
{
    "cpe": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "10.3.36"
        },
        {
            "introduced": "10.4.0"
        },
        {
            "fixed": "10.4.26"
        },
        {
            "introduced": "10.5.0"
        },
        {
            "fixed": "10.5.17"
        },
        {
            "introduced": "10.6.0"
        },
        {
            "fixed": "10.6.9"
        },
        {
            "introduced": "10.7.0"
        },
        {
            "fixed": "10.7.5"
        },
        {
            "introduced": "10.8.0"
        },
        {
            "fixed": "10.8.4"
        },
        {
            "introduced": "10.9.0"
        },
        {
            "fixed": "10.9.2"
        }
    ]
}

Affected versions

mariadb-10.*
mariadb-10.3.0
mariadb-10.3.1
mariadb-10.3.10
mariadb-10.3.12
mariadb-10.3.16
mariadb-10.3.17
mariadb-10.3.18
mariadb-10.3.19
mariadb-10.3.2
mariadb-10.3.20
mariadb-10.3.21
mariadb-10.3.26
mariadb-10.3.30
mariadb-10.3.31
mariadb-10.3.33
mariadb-10.3.35
mariadb-10.3.4
mariadb-10.3.5
mariadb-10.3.6
mariadb-10.3.7
mariadb-10.4.10
mariadb-10.4.11
mariadb-10.4.20
mariadb-10.4.21
mariadb-10.4.22
mariadb-10.4.23
mariadb-10.4.25
mariadb-10.4.3
mariadb-10.4.4
mariadb-10.4.5
mariadb-10.4.7
mariadb-10.4.9
mariadb-10.5.0
mariadb-10.5.11
mariadb-10.5.12
mariadb-10.5.13
mariadb-10.5.14
mariadb-10.5.16
mariadb-10.5.2
mariadb-10.5.4
mariadb-10.6.0
mariadb-10.6.1
mariadb-10.6.2
mariadb-10.6.3
mariadb-10.6.4
mariadb-10.6.5
mariadb-10.6.6
mariadb-10.6.8
mariadb-10.7.1
mariadb-10.7.2
mariadb-10.7.4
mariadb-10.8.1
mariadb-10.8.3
mariadb-10.9.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25032.json"

github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Database specific
{
    "cpe": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "3.7.0"
        },
        {
            "fixed": "3.7.14"
        },
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.14"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.13"
        },
        {
            "introduced": "3.10.0"
        },
        {
            "fixed": "3.10.5"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25032.json"

github.com/sparklemotion/nokogiri

Affected ranges

Type
GIT
Repo
https://github.com/sparklemotion/nokogiri
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.13.4"
        }
    ]
}

Affected versions

1.*
1.7.0.1-linux-binary1
REL_1.*
REL_1.0.0
REL_1.0.1
REL_1.0.2
REL_1.0.3
REL_1.0.4
REL_1.0.5
REL_1.0.6
REL_1.0.7
REL_1.5.0.beta.1
REL_1.5.0.beta.2
v1.*
v1.10.0
v1.10.0.rc1
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.0.rc1
v1.11.0.rc2
v1.11.0.rc3
v1.11.0.rc4
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.12.0.rc1
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.5.0
v1.5.0.beta.3
v1.5.0.beta.4
v1.5.1
v1.5.1.rc1
v1.5.2
v1.5.3
v1.5.3.rc1
v1.5.3.rc3
v1.5.3.rc4
v1.5.3.rc5
v1.5.3.rc6
v1.5.4.rc1
v1.5.4.rc2
v1.5.4.rc3
v1.5.5.rc1
v1.5.5.rc2
v1.5.6
v1.5.6.rc2
v1.5.7
v1.5.7.rc1
v1.5.7.rc2
v1.5.7.rc3
v1.5.8
v1.5.9
v1.6.0
v1.6.0.rc1
v1.6.2
v1.6.2.1
v1.6.2.beta.1
v1.6.2.rc1
v1.6.2.rc3
v1.6.3
v1.6.3.1
v1.6.3.rc1
v1.6.3.rc2
v1.6.3.rc3
v1.6.4
v1.6.5
v1.6.6
v1.6.6.1
v1.6.6.2
v1.6.7.rc1
v1.6.7.rc2
v1.6.7.rc3
v1.6.7.rc4
v1.6.8
v1.6.8.rc1
v1.6.8.rc2
v1.6.8.rc3
v1.7.0
v1.7.0.1
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0
v1.9.0.rc1
v1.9.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-25032.json"