Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2018-25032

Disclosure Date: March 25, 2022
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • apple,
  • azul,
  • debian,
  • fedoraproject,
  • goto,
  • mariadb,
  • netapp,
  • python,
  • siemens,
  • zlib

Products

  • active iq unified manager -,
  • debian linux 10.0,
  • debian linux 11.0,
  • debian linux 9.0,
  • e-series santricity os controller,
  • fedora 34,
  • fedora 35,
  • fedora 36,
  • gotoassist,
  • h300s firmware -,
  • h410c firmware -,
  • h410s firmware -,
  • h500s firmware -,
  • h700s firmware -,
  • hci compute node -,
  • mac os x,
  • mac os x 10.15.7,
  • macos,
  • management services for element software -,
  • mariadb,
  • oncommand workflow automation -,
  • ontap select deploy administration utility -,
  • python,
  • scalance sc622-2c firmware,
  • scalance sc626-2c firmware,
  • scalance sc632-2c firmware,
  • scalance sc636-2c firmware,
  • scalance sc642-2c firmware,
  • scalance sc646-2c firmware,
  • zlib,
  • zulu 11.54,
  • zulu 13.46,
  • zulu 15.38,
  • zulu 17.32,
  • zulu 6.45,
  • zulu 7.52,
  • zulu 8.60

References

Advisory

Additional Info

Technical Analysis