CVE-2018-25032
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-25032
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25032.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-25032
- Aliases
- Downstream
- Related
- Published
- 2022-03-25T09:15:08Z
- Modified
- 2025-10-10T01:45:16.496783Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
- References
-
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- http://www.openwall.com/lists/oss-security/2022/03/25/2
- http://www.openwall.com/lists/oss-security/2022/03/26/1
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
- https://github.com/madler/zlib/issues/605
- https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
- https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
- https://security.gentoo.org/glsa/202210-42
- https://security.netapp.com/advisory/ntap-20220526-0009/
- https://security.netapp.com/advisory/ntap-20220729-0004/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://www.debian.org/security/2022/dsa-5111
- https://www.openwall.com/lists/oss-security/2022/03/24/1
- https://www.openwall.com/lists/oss-security/2022/03/28/1
- https://www.openwall.com/lists/oss-security/2022/03/28/3
- https://www.oracle.com/security-alerts/cpujul2022.html
Affected packages
Git / github.com/madler/zlib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/madler/zlib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/mariadb-corporation/mariadb-connector-nodejs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/mariadb/server
- Events
- Type
- GIT
- Repo
- https://github.com/python/cpython
- Events
- Type
- GIT
- Repo
- https://github.com/sparklemotion/nokogiri
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.7.0
1.*
1.7.0.1-linux-binary1
2.*
2.0.0-alpha
2.0.1-beta
2.0.2-rc
2.0.3
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.2.0
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
3.*
3.0.0
3.0.0-rc
REL_1.*
REL_1.0.0
REL_1.0.1
REL_1.0.2
REL_1.0.3
REL_1.0.4
REL_1.0.5
REL_1.0.6
REL_1.0.7
REL_1.1.0
REL_1.1.1
REL_1.2.0
REL_1.2.1
REL_1.2.2
REL_1.2.3
REL_1.3.0
REL_1.3.0rc1
REL_1.3.1
REL_1.3.2
REL_1.3.3
REL_1.4.0
REL_1.4.1
REL_1.4.2
REL_1.4.3
REL_1.4.3.1
REL_1.5.0.beta.1
REL_1.5.0.beta.2
mariadb-10.*
mariadb-10.0.31
mariadb-10.0.32
mariadb-10.0.33
mariadb-10.0.34
mariadb-10.0.35
mariadb-10.0.36
mariadb-10.0.37
mariadb-10.0.38
mariadb-10.1.23
mariadb-10.1.24
mariadb-10.1.25
mariadb-10.1.26
mariadb-10.1.27
mariadb-10.1.28
mariadb-10.1.29
mariadb-10.1.30
mariadb-10.1.31
mariadb-10.1.32
mariadb-10.1.33
mariadb-10.1.34
mariadb-10.1.35
mariadb-10.1.36
mariadb-10.1.37
mariadb-10.1.38
mariadb-10.1.39
mariadb-10.1.40
mariadb-10.1.41
mariadb-10.1.42
mariadb-10.1.43
mariadb-10.1.44
mariadb-10.1.45
mariadb-10.1.46
mariadb-10.1.47
mariadb-10.2.10
mariadb-10.2.11
mariadb-10.2.12
mariadb-10.2.13
mariadb-10.2.14
mariadb-10.2.15
mariadb-10.2.16
mariadb-10.2.17
mariadb-10.2.18
mariadb-10.2.19
mariadb-10.2.20
mariadb-10.2.21
mariadb-10.2.22
mariadb-10.2.23
mariadb-10.2.24
mariadb-10.2.25
mariadb-10.2.26
mariadb-10.2.27
mariadb-10.2.28
mariadb-10.2.29
mariadb-10.2.30
mariadb-10.2.31
mariadb-10.2.32
mariadb-10.2.33
mariadb-10.2.34
mariadb-10.2.35
mariadb-10.2.36
mariadb-10.2.37
mariadb-10.2.38
mariadb-10.2.39
mariadb-10.2.40
mariadb-10.2.41
mariadb-10.2.42
mariadb-10.2.43
mariadb-10.2.6
mariadb-10.2.7
mariadb-10.2.8
mariadb-10.2.9
mariadb-10.3.0
mariadb-10.3.1
mariadb-10.3.10
mariadb-10.3.11
mariadb-10.3.12
mariadb-10.3.13
mariadb-10.3.14
mariadb-10.3.15
mariadb-10.3.16
mariadb-10.3.17
mariadb-10.3.18
mariadb-10.3.19
mariadb-10.3.2
mariadb-10.3.20
mariadb-10.3.21
mariadb-10.3.22
mariadb-10.3.23
mariadb-10.3.24
mariadb-10.3.25
mariadb-10.3.26
mariadb-10.3.27
mariadb-10.3.28
mariadb-10.3.29
mariadb-10.3.3
mariadb-10.3.30
mariadb-10.3.31
mariadb-10.3.32
mariadb-10.3.33
mariadb-10.3.34
mariadb-10.3.35
mariadb-10.3.4
mariadb-10.3.5
mariadb-10.3.6
mariadb-10.3.7
mariadb-10.3.8
mariadb-10.3.9
mariadb-5.*
mariadb-5.5.55
mariadb-5.5.56
mariadb-5.5.57
mariadb-5.5.58
mariadb-5.5.59
mariadb-5.5.60
mariadb-5.5.61
mariadb-5.5.62
mariadb-5.5.63
mariadb-5.5.64
mariadb-5.5.65
mariadb-5.5.66
mariadb-5.5.67
mariadb-5.5.68
mariadb-galera-10.*
mariadb-galera-10.0.30
mariadb-galera-10.0.31
mariadb-galera-10.0.32
mariadb-galera-10.0.33
mariadb-galera-10.0.34
mariadb-galera-10.0.35
mariadb-galera-10.0.36
mariadb-galera-10.0.37
mariadb-galera-5.*
mariadb-galera-5.5.52
mariadb-galera-5.5.53
mariadb-galera-5.5.54
mariadb-galera-5.5.55
mariadb-galera-5.5.56
mariadb-galera-5.5.57
mariadb-galera-5.5.58
mariadb-galera-5.5.59
mariadb-galera-5.5.60
mariadb-galera-5.5.61
mariadb-galera-5.5.62
mysql-5.*
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.5.62
v0.*
v0.71
v0.79
v0.8
v0.9
v0.91
v0.92
v0.93
v0.94
v0.95
v0.99
v1.*
v1.0-pre
v1.0.1
v1.0.2
v1.0.4
v1.0.5
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.10.0
v1.10.0.rc1
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.0.rc1
v1.11.0.rc2
v1.11.0.rc3
v1.11.0.rc4
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.12.0.rc1
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.2.0
v1.2.0.1
v1.2.0.2
v1.2.0.3
v1.2.0.4
v1.2.0.5
v1.2.0.6
v1.2.0.7
v1.2.0.8
v1.2.1
v1.2.1.1
v1.2.1.2
v1.2.10
v1.2.11
v1.2.2
v1.2.2.1
v1.2.2.2
v1.2.2.3
v1.2.2.4
v1.2.3
v1.2.3.1
v1.2.3.2
v1.2.3.3
v1.2.3.4
v1.2.3.5
v1.2.3.6
v1.2.3.7
v1.2.3.8
v1.2.3.9
v1.2.4
v1.2.4-pre1
v1.2.4-pre2
v1.2.4.1
v1.2.4.2
v1.2.4.3
v1.2.4.4
v1.2.4.5
v1.2.5
v1.2.5.1
v1.2.5.2
v1.2.5.3
v1.2.6
v1.2.6.1
v1.2.7
v1.2.7.1
v1.2.7.2
v1.2.7.3
v1.2.8
v1.2.9
v1.4.4
v1.4.4.1
v1.4.4.2
v1.5.0
v1.5.0.beta.3
v1.5.0.beta.4
v1.5.1
v1.5.1.rc1
v1.5.2
v1.5.3
v1.5.3.rc1
v1.5.3.rc3
v1.5.3.rc4
v1.5.3.rc5
v1.5.3.rc6
v1.5.4
v1.5.4.rc1
v1.5.4.rc2
v1.5.4.rc3
v1.5.5
v1.5.5.rc1
v1.5.5.rc2
v1.5.5.rc3
v1.5.6
v1.5.6.rc1
v1.5.6.rc2
v1.5.7
v1.5.7.rc1
v1.5.7.rc2
v1.5.7.rc3
v1.5.8
v1.5.9
v1.6.0
v1.6.0.rc1
v1.6.2
v1.6.2.1
v1.6.2.beta.1
v1.6.2.rc1
v1.6.2.rc2
v1.6.2.rc3
v1.6.3
v1.6.3.1
v1.6.3.rc1
v1.6.3.rc2
v1.6.3.rc3
v1.6.4
v1.6.5
v1.6.6
v1.6.6.1
v1.6.6.2
v1.6.7.rc1
v1.6.7.rc2
v1.6.7.rc3
v1.6.7.rc4
v1.6.8
v1.6.8.rc1
v1.6.8.rc2
v1.6.8.rc3
v1.7.0
v1.7.0.1
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0
v1.9.0.rc1
v1.9.1
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2018-25032-0fc51149",
"digest": {
"line_hashes": [
"141723864317747925058336557003436481538",
"67358590013236664675391494614848539802",
"302908053743602711134143963280417879769",
"63246384868305385028609490170472494591",
"197696826748605258549566037975095074473",
"178728171548848499097530913039572405075",
"239441329185959104795351783318844433913",
"113880934804577714788433535757505248367",
"186776389272425000966978050927088826772",
"230224791616736251459435186768860733470",
"315011761030768229289512186357498758174",
"7512418680227091364171781841596870314",
"337472628272406866696043769040470883323",
"179952937507251961654454387812217343994",
"52432553690372258283590198874603137476",
"48216828784747377600525248297419610319",
"167386283172557197139527567126230857405",
"52989523748966647699789142542497781711",
"104284105052473956938937706929463953108",
"61514555653805824093844711119884087722",
"261275755014155220492152028762043809052",
"223152562692181219827932737786788727815",
"251997642670575075602858006756589800988",
"263015191860464613075683134237649416842"
],
"threshold": 0.9
},
"source": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531",
"signature_version": "v1",
"target": {
"file": "deflate.h"
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2018-25032-561ef634",
"digest": {
"line_hashes": [
"95527534056965999805195222966911308931",
"40377084281797978781809953378357646014",
"169925438748705490661276078601557135147",
"263420814224869622578870971980400825129",
"55947360462560040236426082660137443332",
"278112257920924414324335574811393650708",
"21474087875977361105189073914296703668",
"213530804123451704796055807666465775624",
"128861107472703546063652180908920042922",
"320638403681128379778124806992206626438",
"164212191260478141579821974251646259037",
"158218631382871507579401750610032717544",
"208663743624237816202707950212939183677",
"319931111585565094142139107543831628965",
"304585962814257033681920331726959626340",
"288091319656971273051039017292829193524",
"314181257043960388891286509408608660270",
"281348945158634912779652987617921208801",
"251371988921103670719178198170621178148",
"89228518188905023274567953372492642384",
"11154538915074374363518656421808658793",
"138692121015815931217353122397344876623",
"331635599745367811337070131292552797279",
"140300391123739811445147671784482577305",
"296162210247165598639726066625577764646",
"202179798597446626580721641273616384631",
"227213397709513200874059200915662776630",
"98431677271186169320922500200198031189",
"32929428429162941793112522035732042956",
"186318132831561585867179212354734263910",
"147675632396734393261281517662783924275",
"30425654285744897008841363475340594789",
"264248193964434628768022975059497886822",
"157856874409156161731194607198107812714",
"7477895630416423579748747537469175639",
"287319464347230740037567272479812888874",
"124040230490321498039465106068895104028",
"157856874409156161731194607198107812714",
"7477895630416423579748747537469175639",
"287319464347230740037567272479812888874",
"124040230490321498039465106068895104028",
"157856874409156161731194607198107812714",
"7477895630416423579748747537469175639",
"287319464347230740037567272479812888874",
"124040230490321498039465106068895104028",
"157856874409156161731194607198107812714",
"7477895630416423579748747537469175639",
"287319464347230740037567272479812888874",
"124040230490321498039465106068895104028"
],
"threshold": 0.9
},
"source": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531",
"signature_version": "v1",
"target": {
"file": "deflate.c"
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2018-25032-6531a8a2",
"digest": {
"length": 405.0,
"function_hash": "183577064079204038223351938506323241649"
},
"source": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531",
"signature_version": "v1",
"target": {
"function": "_tr_tally_dist",
"file": "deflate.h"
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2018-25032-b8d1705b",
"digest": {
"length": 258.0,
"function_hash": "197602208888546417884389429356439392046"
},
"source": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531",
"signature_version": "v1",
"target": {
"function": "_tr_tally_lit",
"file": "deflate.h"
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2018-25032-bab28f5d",
"digest": {
"length": 1094.0,
"function_hash": "96567548985656349046472553596954460768"
},
"source": "https://github.com/mariadb/server/commit/faddcf3c395da640b760c3f701f5bc1f3baae6c4",
"signature_version": "v1",
"target": {
"function": "find_set",
"file": "sql/strfunc.cc"
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2018-25032-eaa7586e",
"digest": {
"line_hashes": [
"275729980329486640864871635647500674241",
"36310519418943524490990280449166385695",
"83093560647248392120903241051961354577",
"15559684812814601637683710660364447171",
"124457097401623797224694666739951043404",
"170040189433616466552056819666133826240",
"37728164962488204105515535869221895289",
"318974904746630559889012130340606527190",
"203420035528872593117691111285885472961",
"281432424335107080520185873839181488805",
"263446684365866307309878265978833443492",
"180904249670093724273103375739725429001",
"157392680355378625847726856020041717172",
"98431604612329735115473080898565296646",
"104463810397730140048307147091942102116",
"695108473130459805652151375261153836",
"260256238173438554145983822103816123323",
"55563018243523296312660524556172760836",
"54521747130159132355809839883599176076",
"284183267864467478325414241930994380573",
"317226498807644787217983491378508508945",
"294461928729349457650093699995822630553",
"23843344622014854395634360508374769167",
"181349001937904947627317717850091119788",
"247642861271588735194604471829776102269",
"241241107559885235631428206071269883582",
"71389195349489551025665626279939797786",
"305697195570412995838641631157082682039",
"271659869836972134851981129039061253853",
"114017433329083463939489002363684398859",
"243284635003099158607636791722620798624",
"254090499493632955889431416931979758708",
"280994057955809864110825216049260260568",
"189542929523420146747088537002250990400",
"264830883514038256125886789433363475321",
"208672719471545000741289466095903292417",
"81191180630014765923302463762403452970",
"289565422209295032945524427625623770663",
"228817909144996188778908253764289710103",
"324270781134441179326963692477977264994",
"228478318158434263888083744272467519845",
"314337177623198088727946449990923729069",
"306782173303871066853395012939350031227",
"236509791217529222740138786750656921902",
"150138996121765241686509325879686315727",
"144184067178449835701555955902902643889",
"95046897030385651463719084436879453213",
"234560781543869297759876207381494709077"
],
"threshold": 0.9
},
"source": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531",
"signature_version": "v1",
"target": {
"file": "trees.c"
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2018-25032-ee10862f",
"digest": {
"line_hashes": [
"271363707396860767418283350345897486504",
"120596951573328682502907908502941671745",
"115421961338400510566446524145876737974",
"64074615696916198601226435566349591945"
],
"threshold": 0.9
},
"source": "https://github.com/mariadb/server/commit/faddcf3c395da640b760c3f701f5bc1f3baae6c4",
"signature_version": "v1",
"target": {
"file": "sql/strfunc.cc"
},
"deprecated": false,
"signature_type": "Line"
}
]
}