Fluid Attacks Database

Description

arbitrary code execution

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.17	zlib	=1.2.10-r0 \|\| =1.2.11-r0 \|\| =1.2.11-r1 \|\| =1.2.11-r2 \|\| =1.2.11-r3 \|\| =1.2.11-r4 \|\| =1.2.12-r0 \|\| =1.2.12-r1 \|\| =1.2.3.3-r2 \|\| =1.2.3.3-r3 \|\| =1.2.3.3-r4 \|\| =1.2.3.3-r5 \|\| =1.2.3.3-r6 \|\| =1.2.3.3-r7 \|\| =1.2.3.4-r0 \|\| =1.2.3.4-r1 \|\| =1.2.3.7-r0 \|\| =1.2.3.7-r1 \|\| =1.2.3.9-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.2.5-r2 \|\| =1.2.6-r0 \|\| =1.2.7-r0 \|\| =1.2.7-r1 \|\| =1.2.8-r0 \|\| =1.2.8-r1 \|\| =1.2.8-r2 \|\| >=0 <1.2.12-r2	1.2.12-r2
alpine v3.18	zlib	=1.2.10-r0 \|\| =1.2.11-r0 \|\| =1.2.11-r1 \|\| =1.2.11-r2 \|\| =1.2.11-r3 \|\| =1.2.11-r4 \|\| =1.2.12-r0 \|\| =1.2.12-r1 \|\| =1.2.3.3-r2 \|\| =1.2.3.3-r3 \|\| =1.2.3.3-r4 \|\| =1.2.3.3-r5 \|\| =1.2.3.3-r6 \|\| =1.2.3.3-r7 \|\| =1.2.3.4-r0 \|\| =1.2.3.4-r1 \|\| =1.2.3.7-r0 \|\| =1.2.3.7-r1 \|\| =1.2.3.9-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.2.5-r2 \|\| =1.2.6-r0 \|\| =1.2.7-r0 \|\| =1.2.7-r1 \|\| =1.2.8-r0 \|\| =1.2.8-r1 \|\| =1.2.8-r2 \|\| >=0 <1.2.12-r2	1.2.12-r2
alpine v3.19	zlib	=1.2.10-r0 \|\| =1.2.11-r0 \|\| =1.2.11-r1 \|\| =1.2.11-r2 \|\| =1.2.11-r3 \|\| =1.2.11-r4 \|\| =1.2.12-r0 \|\| =1.2.12-r1 \|\| =1.2.3.3-r2 \|\| =1.2.3.3-r3 \|\| =1.2.3.3-r4 \|\| =1.2.3.3-r5 \|\| =1.2.3.3-r6 \|\| =1.2.3.3-r7 \|\| =1.2.3.4-r0 \|\| =1.2.3.4-r1 \|\| =1.2.3.7-r0 \|\| =1.2.3.7-r1 \|\| =1.2.3.9-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.2.5-r2 \|\| =1.2.6-r0 \|\| =1.2.7-r0 \|\| =1.2.7-r1 \|\| =1.2.8-r0 \|\| =1.2.8-r1 \|\| =1.2.8-r2 \|\| >=0 <1.2.12-r2	1.2.12-r2
alpine v3.20	zlib	=1.2.10-r0 \|\| =1.2.11-r0 \|\| =1.2.11-r1 \|\| =1.2.11-r2 \|\| =1.2.11-r3 \|\| =1.2.11-r4 \|\| =1.2.12-r0 \|\| =1.2.12-r1 \|\| =1.2.3.3-r2 \|\| =1.2.3.3-r3 \|\| =1.2.3.3-r4 \|\| =1.2.3.3-r5 \|\| =1.2.3.3-r6 \|\| =1.2.3.3-r7 \|\| =1.2.3.4-r0 \|\| =1.2.3.4-r1 \|\| =1.2.3.7-r0 \|\| =1.2.3.7-r1 \|\| =1.2.3.9-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.2.5-r2 \|\| =1.2.6-r0 \|\| =1.2.7-r0 \|\| =1.2.7-r1 \|\| =1.2.8-r0 \|\| =1.2.8-r1 \|\| =1.2.8-r2 \|\| >=0 <1.2.12-r2	1.2.12-r2
alpine v3.21	zlib	=1.2.10-r0 \|\| =1.2.11-r0 \|\| =1.2.11-r1 \|\| =1.2.11-r2 \|\| =1.2.11-r3 \|\| =1.2.11-r4 \|\| =1.2.12-r0 \|\| =1.2.12-r1 \|\| =1.2.3.3-r2 \|\| =1.2.3.3-r3 \|\| =1.2.3.3-r4 \|\| =1.2.3.3-r5 \|\| =1.2.3.3-r6 \|\| =1.2.3.3-r7 \|\| =1.2.3.4-r0 \|\| =1.2.3.4-r1 \|\| =1.2.3.7-r0 \|\| =1.2.3.7-r1 \|\| =1.2.3.9-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.2.5-r2 \|\| =1.2.6-r0 \|\| =1.2.7-r0 \|\| =1.2.7-r1 \|\| =1.2.8-r0 \|\| =1.2.8-r1 \|\| =1.2.8-r2 \|\| >=0 <1.2.12-r2	1.2.12-r2
alpine v3.22	zlib	=1.2.10-r0 \|\| =1.2.11-r0 \|\| =1.2.11-r1 \|\| =1.2.11-r2 \|\| =1.2.11-r3 \|\| =1.2.11-r4 \|\| =1.2.12-r0 \|\| =1.2.12-r1 \|\| =1.2.3.3-r2 \|\| =1.2.3.3-r3 \|\| =1.2.3.3-r4 \|\| =1.2.3.3-r5 \|\| =1.2.3.3-r6 \|\| =1.2.3.3-r7 \|\| =1.2.3.4-r0 \|\| =1.2.3.4-r1 \|\| =1.2.3.7-r0 \|\| =1.2.3.7-r1 \|\| =1.2.3.9-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.2.5-r2 \|\| =1.2.6-r0 \|\| =1.2.7-r0 \|\| =1.2.7-r1 \|\| =1.2.8-r0 \|\| =1.2.8-r1 \|\| =1.2.8-r2 \|\| >=0 <1.2.12-r2	1.2.12-r2
debian 11	libz-mingw-w64	=1.2.11+dfsg-2 \|\| =1.2.11+dfsg-3 \|\| =1.2.11+dfsg-4 \|\| =1.2.11+dfsg-5 \|\| =1.2.12+dfsg-1 \|\| =1.2.12+dfsg-2 \|\| =1.2.13+dfsg-1 \|\| =1.2.13+dfsg-1~bpo11+1 \|\| =1.3+dfsg-1 \|\| =1.3.1+dfsg-1 \|\| =1.3.1+dfsg-2 \|\| =1.3.2+dfsg-1	-
alpine v3.16	zlib	=1.2.10-r0 \|\| =1.2.11-r0 \|\| =1.2.11-r1 \|\| =1.2.11-r2 \|\| =1.2.11-r3 \|\| =1.2.11-r4 \|\| =1.2.12-r0 \|\| =1.2.12-r1 \|\| =1.2.3.3-r2 \|\| =1.2.3.3-r3 \|\| =1.2.3.3-r4 \|\| =1.2.3.3-r5 \|\| =1.2.3.3-r6 \|\| =1.2.3.3-r7 \|\| =1.2.3.4-r0 \|\| =1.2.3.4-r1 \|\| =1.2.3.7-r0 \|\| =1.2.3.7-r1 \|\| =1.2.3.9-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.2.5-r2 \|\| =1.2.6-r0 \|\| =1.2.7-r0 \|\| =1.2.7-r1 \|\| =1.2.8-r0 \|\| =1.2.8-r1 \|\| =1.2.8-r2 \|\| >=0 <1.2.12-r2	1.2.12-r2
debian 13	libz-mingw-w64	>=0 <1.2.12+dfsg-2	1.2.12+dfsg-2
debian 13	zlib	>=0 <1:1.2.11.dfsg-4.1	1:1.2.11.dfsg-4.1

1-10 of 31

Aliases

1. CVE-2022-374342. NVD-2022-374343. OSV-ALPINE-2022-374344. OSV-2022-374345. OSV-DEBIAN-2022-374346. GCVE-2022-374347. SECURITY-CVE-2022-374348. SECURITY-TRACKER-CVE-2022-37434

References

1. https://github.com/xen0bit/CVE-2022-37434_poc2. https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L7643. https://github.com/ivd38/zlib_overflow4. https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece15. https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L10636. http://www.openwall.com/lists/oss-security/2022/08/05/27. https://github.com/curl/curl/issues/92718. http://www.openwall.com/lists/oss-security/2022/08/09/1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.