Lucene search
AmazonALAS2-2022-1849HistorySep 15, 2022 - 4:54 a.m.
Medium: zlib
2022-09-1504:54:00
alas.aws.amazon.com
22
zlib
security vulnerability
heap-based buffer overflow
amazon linux 2
update
new packages
cve-2022-37434
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.7%
Issue Overview:
A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader. (CVE-2022-37434)
Affected Packages:
zlib
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update zlib to update your system.
New Packages:
aarch64:
zlib-1.2.7-19.amzn2.0.2.aarch64
zlib-devel-1.2.7-19.amzn2.0.2.aarch64
zlib-static-1.2.7-19.amzn2.0.2.aarch64
minizip-1.2.7-19.amzn2.0.2.aarch64
minizip-devel-1.2.7-19.amzn2.0.2.aarch64
zlib-debuginfo-1.2.7-19.amzn2.0.2.aarch64
i686:
zlib-1.2.7-19.amzn2.0.2.i686
zlib-devel-1.2.7-19.amzn2.0.2.i686
zlib-static-1.2.7-19.amzn2.0.2.i686
minizip-1.2.7-19.amzn2.0.2.i686
minizip-devel-1.2.7-19.amzn2.0.2.i686
zlib-debuginfo-1.2.7-19.amzn2.0.2.i686
src:
zlib-1.2.7-19.amzn2.0.2.src
x86_64:
zlib-1.2.7-19.amzn2.0.2.x86_64
zlib-devel-1.2.7-19.amzn2.0.2.x86_64
zlib-static-1.2.7-19.amzn2.0.2.x86_64
minizip-1.2.7-19.amzn2.0.2.x86_64
minizip-devel-1.2.7-19.amzn2.0.2.x86_64
zlib-debuginfo-1.2.7-19.amzn2.0.2.x86_64
Additional References
Red Hat: CVE-2022-37434
Mitre: CVE-2022-37434
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | zlib | < 1.2.7-19.amzn2.0.2 | zlib-1.2.7-19.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | zlib-devel | < 1.2.7-19.amzn2.0.2 | zlib-devel-1.2.7-19.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | zlib-static | < 1.2.7-19.amzn2.0.2 | zlib-static-1.2.7-19.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | minizip | < 1.2.7-19.amzn2.0.2 | minizip-1.2.7-19.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | minizip-devel | < 1.2.7-19.amzn2.0.2 | minizip-devel-1.2.7-19.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | zlib-debuginfo | < 1.2.7-19.amzn2.0.2 | zlib-debuginfo-1.2.7-19.amzn2.0.2.aarch64.rpm |
| Amazon Linux | 2 | i686 | zlib | < 1.2.7-19.amzn2.0.2 | zlib-1.2.7-19.amzn2.0.2.i686.rpm |
| Amazon Linux | 2 | i686 | zlib-devel | < 1.2.7-19.amzn2.0.2 | zlib-devel-1.2.7-19.amzn2.0.2.i686.rpm |
| Amazon Linux | 2 | i686 | zlib-static | < 1.2.7-19.amzn2.0.2 | zlib-static-1.2.7-19.amzn2.0.2.i686.rpm |
| Amazon Linux | 2 | i686 | minizip | < 1.2.7-19.amzn2.0.2 | minizip-1.2.7-19.amzn2.0.2.i686.rpm |
Related
veracode
veracode
Denial Of Service (DoS)
2022-08-09 02:04:05
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : rsync vulnerability (USN-5573-1)
2022-08-19 00:00:00
Debian DSA-5218-1 : zlib - security update
2022-08-26 00:00:00
CentOS 7 : zlib (RHSA-2023:1095)
2023-03-09 00:00:00
osv
osv
CVE-2022-37434
2022-08-05 07:15:07
Moderate: rsync security and bug fix update
2022-11-15 06:20:39
Moderate: rsync security and enhancement update
2022-11-08 06:29:11
openvas
openvas
Huawei EulerOS: Security Advisory for zlib (EulerOS-SA-2023-1211)
2023-01-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2846-1)
2022-08-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2847-1)
2022-08-19 00:00:00
debian
debian
[SECURITY] [DSA 5218-1] zlib security update
2022-08-25 19:51:59
[SECURITY] [DLA 3103-1] zlib security update
2022-09-12 09:00:53
cloudlinux
cloudlinux
Fixed CVE-2022-37434 in zlib
2022-08-17 18:47:33
Fixed CVE-2022-37434 in rsync
2022-08-25 15:56:39
cloudfoundry
cloudfoundry
USN-5573-1: rsync vulnerability | Cloud Foundry
2023-01-19 00:00:00
USN-5570-1: zlib vulnerability | Cloud Foundry
2023-01-19 00:00:00
USN-5570-1: zlib vulnerability | Cloud Foundry
2022-08-25 00:00:00
almalinux
almalinux
Moderate: rsync security and bug fix update
2022-11-15 00:00:00
Moderate: rsync security and enhancement update
2022-11-08 00:00:00
Moderate: zlib security update
2022-10-25 00:00:00
oraclelinux
oraclelinux
zlib security update
2022-11-02 00:00:00
zlib security update
2022-11-09 00:00:00
zlib security update
2022-11-09 00:00:00
rocky
rocky
zlib security update
2022-11-02 13:50:56
zlib security update
2022-10-25 07:22:56
rsync security and enhancement update
2022-11-08 06:29:11
f5
f5
K67213091 : Zlib vulnerability CVE-2022-37434
2022-10-21 00:00:00
ibm
ibm
Security Bulletin: IBM Planning Analytics Workspace has addressed a vulnerability in GNU zlib (CVE-2022-37434)
2023-06-07 21:00:25
debiancve
debiancve
CVE-2022-37434
2022-08-05 07:15:07
ubuntu
ubuntu
zlib vulnerability
2022-10-17 00:00:00
zlib vulnerability
2022-08-17 00:00:00
rsync vulnerability
2022-08-18 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Zlib
2022-09-30 10:20:36
Exploit for Out-of-bounds Write in Zlib
2022-09-14 07:28:23
Exploit for Out-of-bounds Write in Zlib
2024-02-02 14:25:28
redhat
redhat
(RHSA-2022:8291) Moderate: rsync security and bug fix update
2022-11-15 06:20:39
(RHSA-2023:1095) Moderate: zlib security update
2023-03-07 08:56:16
(RHSA-2024:0254) Moderate: rsync security update
2024-01-15 15:28:49
photon
photon
Critical Photon OS Security Update - PHSA-2022-0236
2022-08-23 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0236
2022-08-23 00:00:00
alpinelinux
alpinelinux
CVE-2022-37434
2022-08-05 07:15:07
amazon
amazon
Medium: rsync
2023-06-05 16:39:00
Medium: zlib
2022-12-01 17:34:00
cgr
cgr
CVE-2022-37434 vulnerabilities
2024-05-19 03:07:16
redos
redos
ROS-20221207-01
2022-12-07 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-37434 affecting package crash for versions less than 8.0.4-2
2024-06-21 09:32:44
CVE-2022-37434 affecting package zlib for versions less than 1.2.12-2
2022-09-13 22:36:39
CVE-2022-37434 affecting package zlib 1.2.12-1
2022-08-24 22:05:05
slackware
slackware
[slackware-security] zlib
2022-10-15 20:38:53
fedora
fedora
[SECURITY] Fedora 37 Update: zlib-1.2.12-5.fc37
2022-09-14 00:23:02
[SECURITY] Fedora 35 Update: zlib-1.2.11-32.fc35
2022-09-16 01:46:40
[SECURITY] Fedora 36 Update: zlib-1.2.11-33.fc36
2022-09-02 09:55:06
suse
suse
Security update for zlib (important)
2022-09-01 00:00:00
Security update for zlib (important)
2022-08-31 00:00:00
centos
centos
minizip, zlib security update
2023-03-08 16:30:28
rosalinux
rosalinux
Advisory ROSA-SA-2023-2131
2023-03-14 14:13:27
qt
qt
Security advisory: zlib in Qt
2022-09-12 00:00:00
freebsd
freebsd
FreeBSD -- zlib heap buffer overflow
2022-08-30 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-22:13.zlib
2022-08-30 00:00:00
wolfi
wolfi
CVE-2022-37434 vulnerabilities
2024-07-03 09:08:38
aix
aix
AIX is vulnerable to denial of service due to zlib and zlibNX
2023-07-25 11:05:17
redhatcve
redhatcve
CVE-2022-37434
2022-08-09 06:36:51
mageia
mageia
Updated zlib packages fix security vulnerability
2022-09-16 22:39:55
cvelist
cvelist
CVE-2022-37434
2022-08-05 00:00:00
ubuntucve
ubuntucve
CVE-2022-37434
2022-08-05 00:00:00
nvd
nvd
CVE-2022-37434
2022-08-05 07:15:07
prion
prion
Heap overflow
2022-08-05 07:15:00
cve
cve
CVE-2022-37434
2022-08-05 07:15:07
gentoo
gentoo
zlib: Multiple vulnerabilities
2022-10-31 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.7%
Related for ALAS2-2022-1849