zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00089.

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Apple
  • Mac Os X
  • Macos
Azul
  • Zulu
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Goto
  • Gotoassist
Mariadb
  • Mariadb
Microsoft
  • Windows
Netapp
  • Active Iq Unified Manager
  • E-series Santricity Os Controller
  • H300s
  • H300s Firmware
  • H410c
  • H410c Firmware
  • H410s
  • H410s Firmware
  • H500s
  • H500s Firmware
  • H700s
  • H700s Firmware
  • Hci Compute Node
  • Management Services For Element Software
  • Oncommand Workflow Automation
  • Ontap Select Deploy Administration Utility
Nokogiri
  • Nokogiri
Python
  • Python
Redhat
  • Enterprise Linux
  • Jboss Core Services
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
  • Rhev Hypervisor
Siemens
  • Scalance Sc622-2c
  • Scalance Sc622-2c Firmware
  • Scalance Sc626-2c
  • Scalance Sc626-2c Firmware
  • Scalance Sc632-2c
  • Scalance Sc632-2c Firmware
  • Scalance Sc636-2c
  • Scalance Sc636-2c Firmware
  • Scalance Sc642-2c
  • Scalance Sc642-2c Firmware
  • Scalance Sc646-2c
  • Scalance Sc646-2c Firmware
Zlib
  • Zlib

Configuration 1 [-]

cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*

Configuration 20 [-]

OR cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*

Configuration 21 [-]

cpe:2.3:a:goto:gotoassist:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
zlib-0:1.2.3-31.el6_10 cpe:/o:redhat:rhel_els:6 RHSA-2022:2214 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 7
zlib-0:1.2.7-20.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2022:2213 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
zlib-0:1.2.7-17.el7_4.1 cpe:/o:redhat:rhel_aus:7.4 RHSA-2023:0976 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
zlib-0:1.2.7-18.el7_6.1 cpe:/o:redhat:rhel_aus:7.6 RHSA-2023:0975 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
zlib-0:1.2.7-18.el7_7.1 cpe:/o:redhat:rhel_aus:7.7 RHSA-2023:0943 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
zlib-0:1.2.7-18.el7_7.1 cpe:/o:redhat:rhel_tus:7.7 RHSA-2023:0943 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
zlib-0:1.2.7-18.el7_7.1 cpe:/o:redhat:rhel_e4s:7.7 RHSA-2023:0943 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 8
mingw-zlib-0:1.2.8-10.el8 cpe:/a:redhat:enterprise_linux:8::crb RHSA-2022:7813 2022-11-08T00:00:00Z
zlib-0:1.2.11-18.el8_5 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:1642 2022-04-28T00:00:00Z
rsync-0:3.1.3-14.el8_6.2 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:2201 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
zlib-0:1.2.11-11.el8_1.1 cpe:/o:redhat:rhel_e4s:8.1 RHSA-2022:1591 2022-04-26T00:00:00Z
rsync-0:3.1.3-6.el8_1.1 cpe:/o:redhat:rhel_e4s:8.1 RHSA-2022:2197 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
zlib-0:1.2.11-17.el8_2 cpe:/o:redhat:rhel_eus:8.2 RHSA-2022:1661 2022-05-02T00:00:00Z
rsync-0:3.1.3-7.el8_2.1 cpe:/o:redhat:rhel_eus:8.2 RHSA-2022:2192 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
rsync-0:3.1.3-12.el8_4.1 cpe:/o:redhat:rhel_eus:8.4 RHSA-2022:2198 2022-05-11T00:00:00Z
zlib-0:1.2.11-18.el8_4 cpe:/o:redhat:rhel_eus:8.4 RHSA-2022:4845 2022-05-31T00:00:00Z
Red Hat Enterprise Linux 9
zlib-0:1.2.11-31.el9_0.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2022:4584 2022-05-17T00:00:00Z
rsync-0:3.2.3-9.el9_0.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2022:4592 2022-05-18T00:00:00Z
mingw-zlib-0:1.2.12-2.el9 cpe:/a:redhat:enterprise_linux:9::crb RHSA-2022:8420 2022-11-15T00:00:00Z
zlib-0:1.2.11-31.el9_0.1 cpe:/o:redhat:enterprise_linux:9 RHSA-2022:4584 2022-05-17T00:00:00Z
rsync-0:3.2.3-9.el9_0.1 cpe:/o:redhat:enterprise_linux:9 RHSA-2022:4592 2022-05-18T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.23-20220622.0.el7_9 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2022:5439 2022-07-01T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.5.0-202205291010_8.6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2022:4896 2022-06-03T00:00:00Z
Text-Only JBCS
zlib cpe:/a:redhat:jboss_core_services:1 RHSA-2022:7144 2022-10-26T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-2968-1 zlib security update
Debian DLA Debian DLA DLA-2993-1 libz-mingw-w64 security update
Debian DLA Debian DLA DLA-3114-1 mariadb-10.3 security update
Debian DSA Debian DSA DSA-5111-1 zlib security update
EUVD EUVD EUVD-2022-1454 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Github GHSA Github GHSA GHSA-jc36-42cf-vqwj Nokogiri affected by zlib's Out-of-bounds Write vulnerability
Ubuntu USN Ubuntu USN USN-5355-1 zlib vulnerability
Ubuntu USN Ubuntu USN USN-5355-2 zlib vulnerability
Ubuntu USN Ubuntu USN USN-5359-1 rsync vulnerability
Ubuntu USN Ubuntu USN USN-5359-2 rsync vulnerability
Ubuntu USN Ubuntu USN USN-5739-1 MariaDB vulnerabilities
Ubuntu USN Ubuntu USN USN-6736-1 klibc vulnerabilities
Ubuntu USN Ubuntu USN USN-6736-2 klibc vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://seclists.org/fulldisclosure/2022/May/33 cve-icon cve-icon
http://seclists.org/fulldisclosure/2022/May/35 cve-icon cve-icon
http://seclists.org/fulldisclosure/2022/May/38 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/03/25/2 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/03/26/1 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf cve-icon cve-icon
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 cve-icon cve-icon
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 cve-icon cve-icon
https://github.com/madler/zlib/issues/605 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-25032 cve-icon
https://security.gentoo.org/glsa/202210-42 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20220526-0009/ cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20220729-0004/ cve-icon cve-icon
https://support.apple.com/kb/HT213255 cve-icon cve-icon
https://support.apple.com/kb/HT213256 cve-icon cve-icon
https://support.apple.com/kb/HT213257 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-25032 cve-icon
https://www.debian.org/security/2022/dsa-5111 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2022/03/24/1 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2022/03/28/1 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2022/03/28/3 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
History

Thu, 21 Aug 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Tue, 06 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 28 Mar 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Nokogiri
Nokogiri nokogiri
CPEs cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*
Vendors & Products Nokogiri
Nokogiri nokogiri
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-05-06T14:19:53.894Z

Reserved: 2022-03-25T00:00:00.000Z

Link: CVE-2018-25032

cve-icon Vulnrichment

Updated: 2024-08-05T12:26:39.599Z

cve-icon NVD

Status : Analyzed

Published: 2022-03-25T09:15:08.187

Modified: 2025-08-21T20:37:11.840

Link: CVE-2018-25032

cve-icon Redhat

Severity : Important

Publid Date: 2018-04-20T00:00:00Z

Links: CVE-2018-25032 - Bugzilla

cve-icon OpenCVE Enrichment

No data.