CVE-2022-37434
published 2022-08-05

Priority: P2 61 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 15.93% (96.5th percentile)
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Affected

60 ranges · showing 25

Vendor | Product | Version range | Fixed in
apple | ios_15.7.1_and_ipados | - | -
apple | ios_16.1_and_ipados | - | -
apple | ipados | < 15.7.1 | 15.7.1
apple | iphone_os | < 15.7.1 | 15.7.1
apple | iphone_os | >= 16.0 < 16.1 | 16.1
apple | macos | >= 11.0 < 11.7.1 | 11.7.1
apple | macos | >= 12.0.0 < 12.6.1 | 12.6.1
apple | macos_big_sur | - | -
apple | macos_monterey | - | -
apple | macos_ventura | - | -
apple | watchos | < 9.1 | 9.1
apple | watchos | - | -
debian | debian_linux | - | -
debian | libz-mingw-w64 | < libz-mingw-w64 1.2.12+dfsg-2 (bookworm) | libz-mingw-w64 1.2.12+dfsg-2 (bookworm)
debian | zlib | < libz-mingw-w64 1.2.12+dfsg-2 (bookworm) | libz-mingw-w64 1.2.12+dfsg-2 (bookworm)
fedoraproject | fedora | - | -
fedoraproject | fedora | - | -
fedoraproject | fedora | - | -
klibc_project | klibc | >= 0 < 2.0.7-1ubuntu5.2 | 2.0.7-1ubuntu5.2
klibc_project | klibc | >= 0 < 2.0.10-4ubuntu0.1 | 2.0.10-4ubuntu0.1
klibc_project | klibc | >= 0 < 2.0.13-4ubuntu0.1 | 2.0.13-4ubuntu0.1
klibc_project | klibc | >= 0 < 2.0.3-0ubuntu1.14.04.3+esm3 | 2.0.3-0ubuntu1.14.04.3+esm3
klibc_project | klibc | >= 0 < 2.0.4-8ubuntu1.16.04.4+esm2 | 2.0.4-8ubuntu1.16.04.4+esm2
klibc_project | klibc | >= 0 < 2.0.4-9ubuntu2.2+esm1 | 2.0.4-9ubuntu2.2+esm1
msrc | azl3_binutils_2.41-5_on_azure_linux_3.0 | - | -

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered during inflate operations in zlib when processing a large gzip header extra field — monitor for anomalously large gzip header extra field values passed to inflate/inflateGetHeader.
  • Only applications that explicitly call inflateGetHeader are exploitable — focus detection and patching efforts on binaries/processes that invoke inflateGetHeader from zlib.
  • The vulnerability can be triggered remotely over TCP/IP — network-level inspection of gzip-compressed traffic for oversized header extra fields is a viable detection point.
  • On Apple iOS/iPadOS, exploitation via a malicious Wi-Fi network can cause denial-of-service of the Settings app — anomalous Settings app crashes after joining a new Wi-Fi network may indicate exploitation attempts.
  • Not all applications bundling zlib are exploitable — only those that actually call inflateGetHeader are affected, so triage should confirm the call path before treating a zlib instance as vulnerable.
  • The affected zlib versions are 1.2.12 and earlier — ensure version checks target zlib <= 1.2.12 when scanning for vulnerable components. Note that distribution packages can carry the fix under an unchanged upstream version (the Debian fixed-in version above is still 1.2.12, as 1.2.12+dfsg-2), so compare package revisions, not only the upstream version string.
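The network-level check described in the third bullet, as an added example (not code from the advisory or from zlib): it parses the gzip member header per RFC 1952, reads the FEXTRA XLEN field, and flags extra fields above a threshold. The threshold and the sample headers are constructed here; a large XLEN only marks traffic for inspection, since exploitability still depends on whether the receiving application calls inflateGetHeader.

```python
import struct

GZIP_MAGIC = b"\x1f\x8b"
CM_DEFLATE = 8
FEXTRA = 0x04          # FLG bit 2 (RFC 1952): an extra field follows the 10-byte header

# Assumed alert threshold, not taken from the advisory: legitimate extra
# fields are a few dozen bytes, so anything near the 65535-byte maximum
# deserves a closer look.
EXTRA_ALERT_BYTES = 4096


def gzip_extra_len(data: bytes):
    """Return XLEN of the gzip header's extra field, 0 if FEXTRA is not set,
    or None if the bytes are not a (complete enough) gzip member header."""
    if len(data) < 10 or data[:2] != GZIP_MAGIC or data[2] != CM_DEFLATE:
        return None
    flg = data[3]                       # byte 3 is FLG; bytes 4-9 are MTIME, XFL, OS
    if not flg & FEXTRA:
        return 0
    if len(data) < 12:
        return None                     # truncated before the 2-byte XLEN
    return struct.unpack_from("<H", data, 10)[0]   # XLEN is little-endian


def flag_oversized_extra(data: bytes, limit: int = EXTRA_ALERT_BYTES) -> bool:
    """True when the stream carries an extra field larger than `limit` bytes."""
    xlen = gzip_extra_len(data)
    return xlen is not None and xlen > limit


def build_header(extra: bytes) -> bytes:
    """Constructed test helper: a minimal gzip header announcing `extra`."""
    return (GZIP_MAGIC + bytes([CM_DEFLATE, FEXTRA]) + b"\x00" * 4   # MTIME = 0
            + b"\x00\x03"                                             # XFL = 0, OS = Unix
            + struct.pack("<H", len(extra)) + extra)


# Constructed samples: a typical 6-byte subfield ("AP", LEN 2, data "ok")
# versus a header announcing the maximal 65535-byte extra field.
BENIGN = build_header(b"AP\x02\x00ok")
SUSPECT = build_header(b"A" * 0xFFFF)
```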

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv | - | 9.8 | CRITICAL | -
vendor_debian | - | 9.8 | CRITICAL | -
vendor_msrc | - | 9.8 | CRITICAL | -
vendor_oracle | - | 9.8 | CRITICAL | -
vendor_redhat | - | 9.8 | CRITICAL | -
vendor_ubuntu | - | 8.8 | HIGH | -