DEBIAN-CVE-2022-37434

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-37434

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-37434.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-37434

Upstream

CVE-2022-37434

Published

2022-08-05T07:15:07.240Z

Modified

2025-11-14T04:05:18.985683Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

References

https://security-tracker.debian.org/tracker/CVE-2022-37434

Affected packages

Debian:11

libz-mingw-w64

Package

Name: libz-mingw-w64
Purl: pkg:deb/debian/libz-mingw-w64?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.11+dfsg-2

1.2.11+dfsg-3

1.2.11+dfsg-4

1.2.11+dfsg-5

1.2.12+dfsg-1

1.2.12+dfsg-2

1.2.13+dfsg-1~bpo11+1

1.2.13+dfsg-1

1.3+dfsg-1

1.3.1+dfsg-1

1.3.1+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

zlib

Package

Name: zlib
Purl: pkg:deb/debian/zlib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.2.11.dfsg-2+deb11u2

Affected versions

1:1.*

1:1.2.11.dfsg-2

1:1.2.11.dfsg-2+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

libz-mingw-w64

Package

Name: libz-mingw-w64
Purl: pkg:deb/debian/libz-mingw-w64?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.12+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

zlib

Package

Name: zlib
Purl: pkg:deb/debian/zlib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.2.11.dfsg-4.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

libz-mingw-w64

Package

Name: libz-mingw-w64
Purl: pkg:deb/debian/libz-mingw-w64?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.12+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

zlib

Package

Name: zlib
Purl: pkg:deb/debian/zlib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.2.11.dfsg-4.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

libz-mingw-w64

Package

Name: libz-mingw-w64
Purl: pkg:deb/debian/libz-mingw-w64?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.12+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

zlib

Package

Name: zlib
Purl: pkg:deb/debian/zlib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.2.11.dfsg-4.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}