FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- zlib heap buffer overflow

Affected packages
13.1 <= FreeBSD < 13.1_2
13.0 <= FreeBSD < 13.0_13
12.3 <= FreeBSD < 12.3_7

Details

VuXML ID a1323a76-28f1-11ed-a72a-002590c1f29c
Discovery 2022-08-30
Entry 2022-08-31

Problem Description:

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

Impact:

Applications that call inflateGetHeader may be vulnerable to a buffer overflow. Note that inflateGetHeader is not used by anything in the FreeBSD base system, but may be used by third-party software.
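A triage aid for the issue described above, added here as an example and not part of the FreeBSD advisory or of zlib: it reads a gzip member header (layout per RFC 1952) and reports the declared extra-field length. The function names, the comparison against the caller's `extra_max` buffer size, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for gz_extra_len(). */
#define GZ_NOT_GZIP  (-1)  /* magic bytes or compression method do not match */
#define GZ_TRUNCATED (-2)  /* buffer ends before the header fields we need */

/* Return the declared length (XLEN) of the gzip "extra" field in buf,
 * 0 if the member carries no extra field, or a negative GZ_* code.
 * Layout per RFC 1952: ID1 ID2 CM FLG MTIME(4) XFL OS [XLEN(2, LE) extra...] */
long gz_extra_len(const uint8_t *buf, size_t n)
{
    if (n < 10) return GZ_TRUNCATED;
    if (buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 8) return GZ_NOT_GZIP;
    if (!(buf[3] & 0x04)) return 0;            /* FLG.FEXTRA not set */
    if (n < 12) return GZ_TRUNCATED;
    return (long)buf[10] | ((long)buf[11] << 8);
}

/* Hypothetical policy check: flag a member whose extra field is longer than
 * the buffer the application hands to inflateGetHeader (its extra_max). */
int gz_extra_exceeds(const uint8_t *buf, size_t n, unsigned extra_max)
{
    long xlen = gz_extra_len(buf, n);
    return xlen > 0 && (unsigned long)xlen > extra_max;
}

/* Constructed sample headers (not taken from any real file). */
static const uint8_t sample_plain[] = {0x1f,0x8b,8,0x00, 0,0,0,0, 0,3};
static const uint8_t sample_extra[] = {0x1f,0x8b,8,0x04, 0,0,0,0, 0,3,
                                       0x04,0x00, 'A','B',0x00,0x00};

int main(void)
{
    printf("plain: xlen=%ld\n", gz_extra_len(sample_plain, sizeof sample_plain));
    printf("extra: xlen=%ld exceeds(2)=%d\n",
           gz_extra_len(sample_extra, sizeof sample_extra),
           gz_extra_exceeds(sample_extra, sizeof sample_extra, 2));
    return 0;
}
```

A flagged input only shows that the extra field is longer than the application's buffer; the remedy is still to update to a patched release listed under Affected packages.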

References

CVE Name CVE-2022-37434
FreeBSD Advisory SA-22:13.zlib