FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- zlib compression out-of-bounds write

Affected packages
13.0 <= FreeBSD < 13.0_11
12.3 <= FreeBSD < 12.3_5

Details

VuXML ID: 38f2e3a0-b61e-11ec-9ebc-1c697aa5a594
Discovery: 2022-04-06
Entry: 2022-04-07

Problem Description:

Certain inputs can cause zlib's compression routine to overwrite an internal buffer with compressed data. This issue may require the use of uncommon or non-default compression parameters.

Impact:

The out-of-bounds write may result in memory corruption and an application crash or kernel panic.

References

CVE Name: CVE-2018-25032
FreeBSD Advisory: SA-22:08.zlib