CWE: 119

REDHAT-BUG-2116639: Buffer Overflow

First published: Tue Aug 09 2022 (Updated: )

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

References:

  • https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
  • https://github.com/ivd38/zlib_overflow
  • https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
  • https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
  • http://www.openwall.com/lists/oss-security/2022/08/05/2
  • https://github.com/curl/curl/issues/9271
  • http://www.openwall.com/lists/oss-security/2022/08/09/1
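As an added illustration, not code from zlib, from this page, or from the linked fix commit, the C model below isolates the arithmetic behind the extra-field copy in inflate.c: when the gzip header announces more extra bytes than the caller's extra_max buffer holds, an unsigned subtraction wraps and the copy length becomes enormous, which is the over-read/overflow described above. It assumes a simplified stand-in for gz_header (only extra, extra_len and extra_max) and the function names copy_len_1_2_12 and store_extra_chunk are this example's own, not zlib APIs; the hardened check (stop storing once len >= extra_max) mirrors the one in the fix commit linked above.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the zlib gz_header fields involved (assumption:
 * only the three members the extra-field copy touches are modelled). */
typedef struct {
    unsigned char *extra;  /* caller-supplied buffer handed to inflateGetHeader */
    unsigned extra_len;    /* XLEN announced by the gzip header, up to 65535 */
    unsigned extra_max;    /* capacity of the caller's buffer */
} gz_header_model;

/* Copy length as zlib <= 1.2.12 computed it. 'len' is the number of
 * extra-field bytes already stored (extra_len minus what is still pending).
 * Once len has passed extra_max, 'extra_max - len' wraps to a huge unsigned
 * value, so memcpy runs far past the caller's buffer. */
unsigned copy_len_1_2_12(unsigned len, unsigned copy, unsigned extra_max)
{
    return len + copy > extra_max ? extra_max - len : copy;
}

/* Hardened version: store nothing once len >= extra_max, otherwise clamp the
 * copy to the remaining space. Returns the number of bytes stored; the input
 * bytes are still consumed by the caller, as inflate() does. */
unsigned store_extra_chunk(gz_header_model *head, unsigned len,
                           const unsigned char *next, unsigned copy)
{
    if (head->extra == NULL || len >= head->extra_max)
        return 0;
    unsigned n = len + copy > head->extra_max ? head->extra_max - len : copy;
    memcpy(head->extra + len, next, n);
    return n;
}

int main(void)
{
    unsigned char buf[64];
    unsigned char chunk[16] = {0};             /* constructed input bytes */
    gz_header_model head = { buf, 65535, sizeof buf };

    /* Header announces 65535 extra bytes; after 100 have been seen, the old
     * arithmetic asks memcpy for roughly four billion bytes. */
    printf("old copy length at len=100: %u\n",
           copy_len_1_2_12(100, 16, head.extra_max));
    /* The fixed logic clamps at the buffer end and then stores nothing. */
    printf("fixed copy at len=60: %u, at len=100: %u\n",
           store_extra_chunk(&head, 60, chunk, 16),
           store_extra_chunk(&head, 100, chunk, 16));
    return 0;
}
```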

Affected Software   Affected Version   How to fix
zlib                <=1.2.12


Frequently Asked Questions

  • What is the severity of REDHAT-BUG-2116639?

    The severity of REDHAT-BUG-2116639 is considered high due to potential exploitation through heap-based buffer overflow or over-read.

  • How do I fix REDHAT-BUG-2116639?

    To fix REDHAT-BUG-2116639, update to the latest version of zlib that addresses this vulnerability.

  • Which applications are affected by REDHAT-BUG-2116639?

    Applications that call inflateGetHeader and bundle the affected zlib source code are at risk from REDHAT-BUG-2116639.

  • What is the nature of the vulnerability in REDHAT-BUG-2116639?

    REDHAT-BUG-2116639 describes a heap-based buffer over-read or overflow vulnerability in zlib when handling large gzip header extra fields.

  • What version of zlib contains the vulnerability REDHAT-BUG-2116639?

    zlib versions up to and including 1.2.12 contain the vulnerability described in REDHAT-BUG-2116639.

© 2025 SecAlerts Pty Ltd.