FreeBSD -- zlib heap buffer overflow

Affected packages
13.1 <= FreeBSD < 13.1_2
13.0 <= FreeBSD < 13.0_13
12.3 <= FreeBSD < 12.3_7
VuXML ID a1323a76-28f1-11ed-a72a-002590c1f29c
Discovery 2022-08-30
Entry 2022-08-31

Problem Description:

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate() in inflate.c via a large gzip header extra field.
Applications that call inflateGetHeader may be vulnerable to a buffer overflow. Note that inflateGetHeader is not used by anything in the FreeBSD base system, but it may be used by third-party software.
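As an added illustration (not zlib's or FreeBSD's code), the following parser handles the gzip header's extra field under the contract zlib documents for gz_header, namely a caller buffer with a capacity (extra_max) and a declared length (extra_len) that may exceed it: it copies at most the capacity and reports the declared length, so an oversized field can only be truncated, never overrun the buffer. The struct and function names are hypothetical and the sample header is constructed.

```c
#include <stddef.h>
#include <string.h>
#define GZ_FEXTRA 0x04   /* FLG bit: an extra field (XLEN + data) follows */
/* Hypothetical type mirroring zlib's gz_header fields for the extra field:
 * extra (buffer), extra_max (its capacity), extra_len (declared length). */
struct gz_extra {
    unsigned char *buf;  /* caller-owned destination; NULL skips the copy */
    size_t max;          /* capacity of buf (zlib: extra_max) */
    size_t len;          /* XLEN as declared in the header (zlib: extra_len) */
};

/* Parse a gzip member header, copying at most ex->max bytes of the extra field
 * into ex->buf; the declared length goes to ex->len even when larger than max.
 * Returns header bytes consumed, or 0 on malformed or truncated input. */
size_t gz_parse_extra(const unsigned char *in, size_t in_len, struct gz_extra *ex)
{
    ex->len = 0;
    if (in_len < 10 || in[0] != 0x1f || in[1] != 0x8b || in[2] != 8)
        return 0;                                       /* not a gzip header */
    if (!(in[3] & GZ_FEXTRA))
        return 10;                                      /* no extra field */
    if (in_len < 12)
        return 0;
    ex->len = (size_t)in[10] | ((size_t)in[11] << 8);   /* XLEN, little-endian */
    if (in_len - 12 < ex->len)
        return 0;                                       /* runs past the data */
    if (ex->buf != NULL) {
        size_t n = ex->len < ex->max ? ex->len : ex->max; /* bounded copy */
        memcpy(ex->buf, in + 12, n);
    }
    return 12 + ex->len;
}

/* Constructed sample: FEXTRA set with XLEN = 300, but the caller supplies a
 * 16-byte buffer followed by 4 guard bytes. Returns 1 when the whole header
 * is consumed, the declared length is reported, and the guard is untouched. */
int demo_oversized_extra(void)
{
    static unsigned char hdr[12 + 300];
    unsigned char small[16 + 4] = {0};
    struct gz_extra ex = { small, 16, 0 };
    size_t used, i;
    memset(hdr, 0, 12);
    memset(hdr + 12, 0xAA, 300);                        /* extra field payload */
    hdr[0] = 0x1f; hdr[1] = 0x8b; hdr[2] = 8; hdr[3] = GZ_FEXTRA;
    hdr[10] = 300 & 0xff; hdr[11] = 300 >> 8;
    used = gz_parse_extra(hdr, sizeof hdr, &ex);
    for (i = 16; i < sizeof small; i++)
        if (small[i] != 0) return 0;                    /* overrun into guard */
    return used == 312 && ex.len == 300 && ex.len > ex.max;
}
```

A caller that sees len greater than max should treat the field as truncated rather than using len as the number of valid bytes in buf.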
CVE Name CVE-2022-37434
FreeBSD Advisory SA-22:13.zlib