CVE-2022-37434
CVSS 9.8 - CRITICAL
Description
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Affected Products
| Vendor | Product | Version |
|---|---|---|
| zlib | zlib | All versions |
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 37 |
| debian | debian_linux | 10.0 |
| netapp | active_iq_unified_manager | - |
| netapp | active_iq_unified_manager | - |
| netapp | hci | - |
| netapp | management_services_for_element_software | - |
| netapp | oncommand_workflow_automation | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | storagegrid | - |
| netapp | hci_compute_node | - |
| netapp | h300s_firmware | - |
| netapp | h300s | - |
| netapp | h500s_firmware | - |
| netapp | h500s | - |
| netapp | h700s_firmware | - |
| netapp | h700s | - |
| netapp | h700s_firmware | - |
| netapp | h700s | - |
| apple | ipados | All versions |
| apple | iphone_os | All versions |
| apple | iphone_os | All versions |
| apple | macos | All versions |
| apple | macos | All versions |
| apple | watchos | All versions |
| stormshield | stormshield_network_security | All versions |
| stormshield | stormshield_network_security | All versions |
| stormshield | stormshield_network_security | All versions |
| stormshield | stormshield_network_security | All versions |
Weakness Types
CWE-787
CWE-120
CVE Information
- CVE ID: CVE-2022-37434
- Published: 2022-08-05
- Modified: 2025-05-30
- CVSS Score: 9.8
- Severity: CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
netapp
zlib
apple
stormshield
fedoraproject
debian
CVSS Severity Scale
- 0.0 - 3.9: LOW
- 4.0 - 6.9: MEDIUM
- 7.0 - 8.9: HIGH
- 9.0 - 10.0: CRITICAL