CVE-2018-25032

CVSS 7.5 - HIGH
Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Affected Products
50 of 73
Vendor Product Version
nokogiri nokogiri All versions
python python All versions
python python All versions
python python All versions
python python All versions
microsoft windows -
zlib zlib All versions
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36
apple mac_os_x All versions
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple mac_os_x 10.15.7
apple macos All versions
apple macos All versions
mariadb mariadb All versions
mariadb mariadb All versions
mariadb mariadb All versions
mariadb mariadb All versions
mariadb mariadb All versions
mariadb mariadb All versions
mariadb mariadb All versions
netapp active_iq_unified_manager -
netapp e-series_santricity_os_controller All versions
netapp management_services_for_element_software -
netapp oncommand_workflow_automation -
netapp ontap_select_deploy_administration_utility -
netapp hci_compute_node -
netapp h300s_firmware -
netapp h300s -
netapp h500s_firmware -
netapp h500s -
netapp h700s_firmware -
netapp h700s -
netapp h410s_firmware -
Showing first 50 of 73 affected products.
References
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03...
http://www.openwall.com/lists/oss-security/2022/03...
https://cert-portal.siemens.com/productcert/pdf/ss...
https://github.com/madler/zlib/commit/5c44459c3b28...
https://github.com/madler/zlib/compare/v1.2.11...v...
https://github.com/madler/zlib/issues/605
https://lists.debian.org/debian-lts-announce/2022/...
https://lists.debian.org/debian-lts-announce/2022/...
https://lists.debian.org/debian-lts-announce/2022/...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://lists.fedoraproject.org/archives/list/pack...
https://security.gentoo.org/glsa/202210-42
https://security.netapp.com/advisory/ntap-20220526...
Weakness Types
CWE-787 CWE-787
CVE Information
CVE ID:
CVE-2018-25032
Published:
2022-03-25
Modified:
2025-08-21
CVSS Score:
7.5
Severity:
HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Vendors
netapp mariadb python microsoft zlib apple nokogiri azul siemens goto fedoraproject debian
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL