CVE-2018-25032
- Source
- https://cve.org/CVERecord?id=CVE-2018-25032
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25032.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-25032
- Aliases
- Downstream
- Related
- Published
- 2022-03-25T09:15:08.187Z
- Modified
- 2026-03-02T07:57:42.307665Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
- References
-
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- http://www.openwall.com/lists/oss-security/2022/03/25/2
- http://www.openwall.com/lists/oss-security/2022/03/26/1
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
- https://github.com/madler/zlib/issues/605
- https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
- https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
- https://security.gentoo.org/glsa/202210-42
- https://security.netapp.com/advisory/ntap-20220526-0009/
- https://security.netapp.com/advisory/ntap-20220729-0004/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://www.debian.org/security/2022/dsa-5111
- https://www.openwall.com/lists/oss-security/2022/03/24/1
- https://www.openwall.com/lists/oss-security/2022/03/28/1
- https://www.openwall.com/lists/oss-security/2022/03/28/3
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/madler/zlib/issues/605
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
- https://github.com/madler/zlib/issues/605
- https://www.debian.org/security/2022/dsa-5111
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- http://www.openwall.com/lists/oss-security/2022/03/25/2
- http://www.openwall.com/lists/oss-security/2022/03/26/1
- https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
- https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
- https://www.openwall.com/lists/oss-security/2022/03/24/1
- https://www.openwall.com/lists/oss-security/2022/03/28/1
- https://www.openwall.com/lists/oss-security/2022/03/28/3
- http://www.openwall.com/lists/oss-security/2022/03/26/1
- https://www.openwall.com/lists/oss-security/2022/03/28/1
Affected packages
Git
github.com/mariadb-corporation/mariadb-connector-nodejs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mariadb-corporation/mariadb-connector-nodejs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
github.com/mariadb/server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mariadb/server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
mariadb-10.*
mariadb-10.2.38
mariadb-10.2.39
mariadb-10.2.40
mariadb-10.2.41
mariadb-10.2.42
mariadb-10.2.43
mariadb-10.3.29
mariadb-10.3.30
mariadb-10.3.31
mariadb-10.3.32
mariadb-10.3.33
mariadb-10.3.34
mariadb-10.3.35
mariadb-10.3.36
mariadb-10.4.19
mariadb-10.4.20
mariadb-10.4.21
mariadb-10.4.22
mariadb-10.4.23
mariadb-10.4.24
mariadb-10.4.25
mariadb-10.4.26
mariadb-10.5.10
mariadb-10.5.11
mariadb-10.5.12
mariadb-10.5.13
mariadb-10.5.14
mariadb-10.5.15
mariadb-10.5.16
mariadb-10.5.17
mariadb-10.6.0
mariadb-10.6.1
mariadb-10.6.2
mariadb-10.6.3
mariadb-10.6.4
mariadb-10.6.5
mariadb-10.6.6
mariadb-10.6.7
mariadb-10.6.8
mariadb-10.6.9
mariadb-10.7.1
mariadb-10.7.2
mariadb-10.7.3
mariadb-10.7.4
mariadb-10.7.5
mariadb-10.8.1
mariadb-10.8.2
mariadb-10.8.3
mariadb-10.8.4
mariadb-10.9.1
Database specific
vanir_signatures
[
{
"id": "CVE-2018-25032-bab28f5d",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/faddcf3c395da640b760c3f701f5bc1f3baae6c4",
"target": {
"function": "find_set",
"file": "sql/strfunc.cc"
},
"digest": {
"length": 1094.0,
"function_hash": "96567548985656349046472553596954460768"
},
"signature_type": "Function"
},
{
"id": "CVE-2018-25032-ee10862f",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/faddcf3c395da640b760c3f701f5bc1f3baae6c4",
"target": {
"file": "sql/strfunc.cc"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"271363707396860767418283350345897486504",
"120596951573328682502907908502941671745",
"115421961338400510566446524145876737974",
"64074615696916198601226435566349591945"
]
},
"signature_type": "Line"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25032.json"