CVE-2018-25032: Input Validation
First published: Fri Apr 20 2018(Updated: )
An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application.
Credit: cve@mitre.org Tavis Ormandy cve@mitre.org Tavis Ormandy Tavis Ormandy cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/zlib | <0:1.2.3-31.el6_10 | 0:1.2.3-31.el6_10 |
| redhat/zlib | <0:1.2.7-20.el7_9 | 0:1.2.7-20.el7_9 |
| redhat/zlib | <0:1.2.7-17.el7_4.1 | 0:1.2.7-17.el7_4.1 |
| redhat/zlib | <0:1.2.7-18.el7_6.1 | 0:1.2.7-18.el7_6.1 |
| redhat/zlib | <0:1.2.7-18.el7_7.1 | 0:1.2.7-18.el7_7.1 |
| redhat/mingw-zlib | <0:1.2.8-10.el8 | 0:1.2.8-10.el8 |
| redhat/zlib | <0:1.2.11-18.el8_5 | 0:1.2.11-18.el8_5 |
| redhat/rsync | <0:3.1.3-14.el8_6.2 | 0:3.1.3-14.el8_6.2 |
| redhat/zlib | <0:1.2.11-11.el8_1.1 | 0:1.2.11-11.el8_1.1 |
| redhat/rsync | <0:3.1.3-6.el8_1.1 | 0:3.1.3-6.el8_1.1 |
| redhat/zlib | <0:1.2.11-17.el8_2 | 0:1.2.11-17.el8_2 |
| redhat/rsync | <0:3.1.3-7.el8_2.1 | 0:3.1.3-7.el8_2.1 |
| redhat/rsync | <0:3.1.3-12.el8_4.1 | 0:3.1.3-12.el8_4.1 |
| redhat/zlib | <0:1.2.11-18.el8_4 | 0:1.2.11-18.el8_4 |
| redhat/zlib | <0:1.2.11-31.el9_0.1 | 0:1.2.11-31.el9_0.1 |
| redhat/rsync | <0:3.2.3-9.el9_0.1 | 0:3.2.3-9.el9_0.1 |
| redhat/mingw-zlib | <0:1.2.12-2.el9 | 0:1.2.12-2.el9 |
| redhat/redhat-virtualization-host | <0:4.3.23-20220622.0.el7_9 | 0:4.3.23-20220622.0.el7_9 |
| debian/zlib | <=1:1.2.11.dfsg-2<=1:1.2.8.dfsg-5<=1:1.2.11.dfsg-1 | 1:1.2.11.dfsg-4 1:1.2.11.dfsg-2+deb11u1 1:1.2.11.dfsg-1+deb10u1 |
| Apple Catalina | ||
| redhat/zlib | <1.2.12 | 1.2.12 |
| Zlib Zlib | <1.2.12 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Apple Mac OS X | >=10.15<10.15.7 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020 | |
| Apple Mac OS X | =10.15.7-security_update_2020-001 | |
| Apple Mac OS X | =10.15.7-security_update_2020-005 | |
| Apple Mac OS X | =10.15.7-security_update_2020-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-001 | |
| Apple Mac OS X | =10.15.7-security_update_2021-002 | |
| Apple Mac OS X | =10.15.7-security_update_2021-003 | |
| Apple Mac OS X | =10.15.7-security_update_2021-006 | |
| Apple Mac OS X | =10.15.7-security_update_2021-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-008 | |
| Apple Mac OS X | =10.15.7-security_update_2022-001 | |
| Apple Mac OS X | =10.15.7-security_update_2022-002 | |
| Apple Mac OS X | =10.15.7-security_update_2022-003 | |
| Apple macOS | >=11.0<11.6.6 | |
| Apple macOS | >=12.0.0<12.4 | |
| Python Python | >=3.7.0<3.7.14 | |
| Python Python | >=3.8.0<3.8.14 | |
| Python Python | >=3.9.0<3.9.13 | |
| Python Python | >=3.10.0<3.10.5 | |
| Mariadb Mariadb | >=10.3.0<10.3.36 | |
| Mariadb Mariadb | >=10.4.0<10.4.26 | |
| Mariadb Mariadb | >=10.5.0<10.5.17 | |
| Mariadb Mariadb | >=10.6.0<10.6.9 | |
| Mariadb Mariadb | >=10.7.0<10.7.5 | |
| Mariadb Mariadb | >=10.8.0<10.8.4 | |
| Mariadb Mariadb | >=10.9.0<10.9.2 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.2 | |
| Netapp Management Services For Element Software | ||
| NetApp OnCommand Workflow Automation | ||
| NetApp ONTAP Select Deploy administration utility | ||
| Netapp Hci Compute Node | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Siemens Scalance Sc622-2c Firmware | <3.0 | |
| Siemens Scalance Sc622-2c | ||
| Siemens Scalance Sc626-2c Firmware | <3.0 | |
| Siemens Scalance Sc626-2c | ||
| Siemens Scalance Sc632-2c Firmware | <3.0 | |
| Siemens Scalance Sc632-2c | ||
| Siemens Scalance Sc636-2c Firmware | <3.0 | |
| Siemens Scalance Sc636-2c | ||
| Siemens Scalance Sc642-2c Firmware | <3.0 | |
| Siemens Scalance Sc642-2c | ||
| Siemens Scalance Sc646-2c Firmware | <3.0 | |
| Siemens Scalance Sc646-2c | ||
| Azul Zulu | =6.45 | |
| Azul Zulu | =7.52 | |
| Azul Zulu | =8.60 | |
| Azul Zulu | =11.54 | |
| Azul Zulu | =13.46 | |
| Azul Zulu | =15.38 | |
| Azul Zulu | =17.32 | |
| Goto Gotoassist | <11.9.18 | |
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| All of | ||
| Siemens Scalance Sc622-2c Firmware | <3.0 | |
| Siemens Scalance Sc622-2c | ||
| All of | ||
| Siemens Scalance Sc626-2c Firmware | <3.0 | |
| Siemens Scalance Sc626-2c | ||
| All of | ||
| Siemens Scalance Sc632-2c Firmware | <3.0 | |
| Siemens Scalance Sc632-2c | ||
| All of | ||
| Siemens Scalance Sc636-2c Firmware | <3.0 | |
| Siemens Scalance Sc636-2c | ||
| All of | ||
| Siemens Scalance Sc642-2c Firmware | <3.0 | |
| Siemens Scalance Sc642-2c | ||
| All of | ||
| Siemens Scalance Sc646-2c Firmware | <3.0 | |
| Siemens Scalance Sc646-2c | ||
| debian/libz-mingw-w64 | <=1.2.11+dfsg-2 | 1.2.13+dfsg-1 1.3.1+dfsg-1 |
| debian/zlib | 1:1.2.11.dfsg-2+deb11u2 1:1.2.13.dfsg-1 1:1.3.dfsg+really1.3.1-1 | |
| Apple macOS Big Sur | <11.6.6 | 11.6.6 |
| Apple macOS Monterey | <12.4 | 12.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2018-25032 https://nvd.nist.gov/vuln/detail/CVE-2018-25032
- https://bugzilla.redhat.com/show_bug.cgi?id=2067945
- https://access.redhat.com/errata/RHSA-2022:2214
- https://access.redhat.com/errata/RHSA-2022:2213
- https://access.redhat.com/errata/RHSA-2023:0976
- https://access.redhat.com/errata/RHSA-2023:0975
- https://access.redhat.com/errata/RHSA-2023:0943
- https://access.redhat.com/errata/RHSA-2022:7813
- https://access.redhat.com/errata/RHSA-2022:1642
- https://access.redhat.com/errata/RHSA-2022:2201
- https://access.redhat.com/errata/RHSA-2022:1591
- https://access.redhat.com/errata/RHSA-2022:2197
- https://access.redhat.com/errata/RHSA-2022:1661
- https://access.redhat.com/errata/RHSA-2022:2192
- https://access.redhat.com/errata/RHSA-2022:2198
- https://access.redhat.com/errata/RHSA-2022:4845
- https://access.redhat.com/errata/RHSA-2022:4584
- https://access.redhat.com/errata/RHSA-2022:4592
- https://access.redhat.com/errata/RHSA-2022:8420
- https://access.redhat.com/errata/RHSA-2022:7144
- https://access.redhat.com/errata/RHSA-2022:5439
- https://access.redhat.com/errata/RHSA-2022:4896
- https://access.redhat.com/security/cve/cve-2018-25032
- https://exchange.xforce.ibmcloud.com/vulnerabilities/222615
- https://www.ibm.com/support/pages/node/6952319 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2018-25032
- https://www.openwall.com/lists/oss-security/2022/03/24/1
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008265
- https://support.apple.com/en-us/HT213255 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2068066
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2068073
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2068368
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2068369
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2070867
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2070868
- http://www.openwall.com/lists/oss-security/2022/03/25/2
- http://www.openwall.com/lists/oss-security/2022/03/26/1
- https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
- https://github.com/madler/zlib/issues/605
- https://www.openwall.com/lists/oss-security/2022/03/28/1
- https://www.openwall.com/lists/oss-security/2022/03/28/3
- https://www.debian.org/security/2022/dsa-5111
- https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
- https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- http://seclists.org/fulldisclosure/2022/May/38
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/33
- https://security.netapp.com/advisory/ntap-20220526-0009/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://security.netapp.com/advisory/ntap-20220729-0004/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
- https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
- https://security.gentoo.org/glsa/202210-42
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- https://launchpad.net/bugs/cve/CVE-2018-25032
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
- https://www.openwall.com/lists/oss-security/2022/03/26/1
- https://www.openwall.com/lists/oss-security/2022/03/27/1
- https://support.apple.com/en-us/HT213256 (Advisory)
- https://support.apple.com/en-us/HT213257 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
- https://nvd.nist.gov/vuln/detail/CVE-2018-25032
- https://ubuntu.com/security/CVE-2018-25032
Parent vulnerabilities
(Appears in the following advisories)
- RHSA-2022:2214
- RHSA-2022:2213
- RHSA-2023:0976
- RHSA-2023:0975
- RHSA-2023:0943
- RHSA-2022:7813
- RHSA-2022:1642
- RHSA-2022:2201
- RHSA-2022:1591
- RHSA-2022:2197
- RHSA-2022:1661
- RHSA-2022:2192
- RHSA-2022:2198
- RHSA-2022:4845
- RHSA-2022:4584
- RHSA-2022:4592
- RHSA-2022:8420
- RHSA-2022:7144
- RHSA-2022:5439
- RHSA-2022:4896
- HT213255
- HT213256
- HT213257
- IBM-6952319
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-44224
- CVE-2021-44790
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-22665
- CVE-2022-22630
- CVE-2022-26751
- CVE-2022-26697
- CVE-2022-26698
- CVE-2022-22663
- CVE-2022-26721
- CVE-2022-26722
- CVE-2022-26763
- CVE-2022-22674
- CVE-2022-26720
- CVE-2022-26770
- CVE-2022-26756
- CVE-2022-26769
- CVE-2022-26748
- CVE-2022-26714
- CVE-2022-26757
- CVE-2022-32790
- CVE-2022-26775
- CVE-2022-0778
- CVE-2022-23308
- CVE-2022-32794
- CVE-2022-26727
- CVE-2022-26746
- CVE-2022-26766
- CVE-2022-26715
- CVE-2022-26728
- CVE-2022-26726
- CVE-2022-26755
- CVE-2022-22589
- CVE-2022-26761
- CVE-2022-0530
- CVE-2018-25032
- CVE-2021-45444
- CVE-2022-22675
- CVE-2022-26768
- CVE-2021-30946
- CVE-2022-26767
- CVE-2022-26706
- CVE-2022-32882
- CVE-2022-26776
- CVE-2022-26712
- CVE-2022-26731
- CVE-2022-26718
- CVE-2022-26723
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-26745
- CVE-2022-26772
- CVE-2022-26741
- CVE-2022-26742
- CVE-2022-26749
- CVE-2022-26750
- CVE-2022-26752
- CVE-2022-26753
- CVE-2022-26754
- CVE-2022-26707
- CVE-2022-26736
- CVE-2022-26737
- CVE-2022-26738
- CVE-2022-26739
- CVE-2022-26740
- CVE-2022-32783
- CVE-2022-26694
- CVE-2022-32781
- CVE-2022-26711
- CVE-2022-26725
- CVE-2022-26701
- CVE-2022-26758
- CVE-2022-26743
- CVE-2022-26764
- CVE-2022-26765
- CVE-2022-26708
- CVE-2022-48575
- CVE-2022-22617
- CVE-2022-32782
- CVE-2022-26693
- CVE-2022-26704
- CVE-2022-42857
- CVE-2022-26696
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26717
- CVE-2022-26716
- CVE-2022-26719
- CVE-2022-22677
- CVE-2022-26762
- collector/redhat-cve
- collector/debian-bugs
- alias/CVE-2018-25032
- collector/apple-support
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- collector/security-tracker-debian
- source/Debian
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- source/Apple
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/description
- agent/softwarecombine
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- package-manager/debian
- vendor/apple
- canonical/apple catalina
- vendor/zlib
- canonical/zlib zlib
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- canonical/apple mac os x
- version/apple mac os x/10.15
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020
- version/apple mac os x/10.15.7-security_update_2020-001
- version/apple mac os x/10.15.7-security_update_2020-005
- version/apple mac os x/10.15.7-security_update_2020-007
- version/apple mac os x/10.15.7-security_update_2021-001
- version/apple mac os x/10.15.7-security_update_2021-002
- version/apple mac os x/10.15.7-security_update_2021-003
- version/apple mac os x/10.15.7-security_update_2021-006
- version/apple mac os x/10.15.7-security_update_2021-007
- version/apple mac os x/10.15.7-security_update_2021-008
- version/apple mac os x/10.15.7-security_update_2022-001
- version/apple mac os x/10.15.7-security_update_2022-002
- version/apple mac os x/10.15.7-security_update_2022-003
- canonical/apple macos
- version/apple macos/11.0
- version/apple macos/12.0.0
- vendor/python
- canonical/python python
- version/python python/3.7.0
- version/python python/3.8.0
- version/python python/3.9.0
- version/python python/3.10.0
- vendor/mariadb
- canonical/mariadb mariadb
- version/mariadb mariadb/10.3.0
- version/mariadb mariadb/10.4.0
- version/mariadb mariadb/10.5.0
- version/mariadb mariadb/10.6.0
- version/mariadb mariadb/10.7.0
- version/mariadb mariadb/10.8.0
- version/mariadb mariadb/10.9.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.70.2
- canonical/netapp management services for element software
- canonical/netapp oncommand workflow automation
- canonical/netapp ontap select deploy administration utility
- canonical/netapp hci compute node
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- vendor/siemens
- canonical/siemens scalance sc622-2c firmware
- canonical/siemens scalance sc622-2c
- canonical/siemens scalance sc626-2c firmware
- canonical/siemens scalance sc626-2c
- canonical/siemens scalance sc632-2c firmware
- canonical/siemens scalance sc632-2c
- canonical/siemens scalance sc636-2c firmware
- canonical/siemens scalance sc636-2c
- canonical/siemens scalance sc642-2c firmware
- canonical/siemens scalance sc642-2c
- canonical/siemens scalance sc646-2c firmware
- canonical/siemens scalance sc646-2c
- vendor/azul
- canonical/azul zulu
- version/azul zulu/6.45
- version/azul zulu/7.52
- version/azul zulu/8.60
- version/azul zulu/11.54
- version/azul zulu/13.46
- version/azul zulu/15.38
- version/azul zulu/17.32
- vendor/goto
- canonical/goto gotoassist
- canonical/apple macos big sur
- canonical/apple macos monterey