zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00089.

Exploitation poc

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*

Configuration 20 [-]

OR cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*
cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*

Configuration 21 [-]

cpe:2.3:a:goto:gotoassist:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
zlib-0:1.2.3-31.el6_10 cpe:/o:redhat:rhel_els:6 RHSA-2022:2214 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 7
zlib-0:1.2.7-20.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2022:2213 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
zlib-0:1.2.7-17.el7_4.1 cpe:/o:redhat:rhel_aus:7.4 RHSA-2023:0976 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
zlib-0:1.2.7-18.el7_6.1 cpe:/o:redhat:rhel_aus:7.6 RHSA-2023:0975 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
zlib-0:1.2.7-18.el7_7.1 cpe:/o:redhat:rhel_aus:7.7 RHSA-2023:0943 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
zlib-0:1.2.7-18.el7_7.1 cpe:/o:redhat:rhel_tus:7.7 RHSA-2023:0943 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
zlib-0:1.2.7-18.el7_7.1 cpe:/o:redhat:rhel_e4s:7.7 RHSA-2023:0943 2023-02-28T00:00:00Z
Red Hat Enterprise Linux 8
mingw-zlib-0:1.2.8-10.el8 cpe:/a:redhat:enterprise_linux:8::crb RHSA-2022:7813 2022-11-08T00:00:00Z
zlib-0:1.2.11-18.el8_5 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:1642 2022-04-28T00:00:00Z
rsync-0:3.1.3-14.el8_6.2 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:2201 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
zlib-0:1.2.11-11.el8_1.1 cpe:/o:redhat:rhel_e4s:8.1 RHSA-2022:1591 2022-04-26T00:00:00Z
rsync-0:3.1.3-6.el8_1.1 cpe:/o:redhat:rhel_e4s:8.1 RHSA-2022:2197 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
zlib-0:1.2.11-17.el8_2 cpe:/o:redhat:rhel_eus:8.2 RHSA-2022:1661 2022-05-02T00:00:00Z
rsync-0:3.1.3-7.el8_2.1 cpe:/o:redhat:rhel_eus:8.2 RHSA-2022:2192 2022-05-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
rsync-0:3.1.3-12.el8_4.1 cpe:/o:redhat:rhel_eus:8.4 RHSA-2022:2198 2022-05-11T00:00:00Z
zlib-0:1.2.11-18.el8_4 cpe:/o:redhat:rhel_eus:8.4 RHSA-2022:4845 2022-05-31T00:00:00Z
Red Hat Enterprise Linux 9
zlib-0:1.2.11-31.el9_0.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2022:4584 2022-05-17T00:00:00Z
rsync-0:3.2.3-9.el9_0.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2022:4592 2022-05-18T00:00:00Z
mingw-zlib-0:1.2.12-2.el9 cpe:/a:redhat:enterprise_linux:9::crb RHSA-2022:8420 2022-11-15T00:00:00Z
zlib-0:1.2.11-31.el9_0.1 cpe:/o:redhat:enterprise_linux:9 RHSA-2022:4584 2022-05-17T00:00:00Z
rsync-0:3.2.3-9.el9_0.1 cpe:/o:redhat:enterprise_linux:9 RHSA-2022:4592 2022-05-18T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.23-20220622.0.el7_9 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2022:5439 2022-07-01T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.5.0-202205291010_8.6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2022:4896 2022-06-03T00:00:00Z
Text-Only JBCS
zlib cpe:/a:redhat:jboss_core_services:1 RHSA-2022:7144 2022-10-26T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Apple Subscribe
Mac Os X Subscribe
Macos Subscribe
Azul Subscribe
Zulu Subscribe
Debian Subscribe
Debian Linux Subscribe
Fedoraproject Subscribe
Fedora Subscribe
Goto Subscribe
Gotoassist Subscribe
Mariadb Subscribe
Mariadb Subscribe
Microsoft Subscribe
Windows Subscribe
Netapp Subscribe
Active Iq Unified Manager Subscribe
E-series Santricity Os Controller Subscribe
H300s Subscribe
H300s Firmware Subscribe
H410c Subscribe
H410c Firmware Subscribe
H410s Subscribe
H410s Firmware Subscribe
H500s Subscribe
H500s Firmware Subscribe
H700s Subscribe
H700s Firmware Subscribe
Hci Compute Node Subscribe
Management Services For Element Software Subscribe
Oncommand Workflow Automation Subscribe
Ontap Select Deploy Administration Utility Subscribe
Nokogiri Subscribe
Nokogiri Subscribe
Python Subscribe
Python Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Jboss Core Services Subscribe
Rhel Aus Subscribe
Rhel E4s Subscribe
Rhel Els Subscribe
Rhel Eus Subscribe
Rhel Tus Subscribe
Rhev Hypervisor Subscribe
Siemens Subscribe
Scalance Sc622-2c Subscribe
Scalance Sc622-2c Firmware Subscribe
Scalance Sc626-2c Subscribe
Scalance Sc626-2c Firmware Subscribe
Scalance Sc632-2c Subscribe
Scalance Sc632-2c Firmware Subscribe
Scalance Sc636-2c Subscribe
Scalance Sc636-2c Firmware Subscribe
Scalance Sc642-2c Subscribe
Scalance Sc642-2c Firmware Subscribe
Scalance Sc646-2c Subscribe
Scalance Sc646-2c Firmware Subscribe
Zlib Subscribe
Zlib Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-2968-1 zlib security update
Debian DLA Debian DLA DLA-2993-1 libz-mingw-w64 security update
Debian DLA Debian DLA DLA-3114-1 mariadb-10.3 security update
Debian DSA Debian DSA DSA-5111-1 zlib security update
EUVD EUVD EUVD-2022-1454 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Github GHSA Github GHSA GHSA-jc36-42cf-vqwj Nokogiri affected by zlib's Out-of-bounds Write vulnerability
Ubuntu USN Ubuntu USN USN-5355-1 zlib vulnerability
Ubuntu USN Ubuntu USN USN-5355-2 zlib vulnerability
Ubuntu USN Ubuntu USN USN-5359-1 rsync vulnerability
Ubuntu USN Ubuntu USN USN-5359-2 rsync vulnerability
Ubuntu USN Ubuntu USN USN-5739-1 MariaDB vulnerabilities
Ubuntu USN Ubuntu USN USN-6736-1 klibc vulnerabilities
Ubuntu USN Ubuntu USN USN-6736-2 klibc vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://seclists.org/fulldisclosure/2022/May/33 cve-icon cve-icon
http://seclists.org/fulldisclosure/2022/May/35 cve-icon cve-icon
http://seclists.org/fulldisclosure/2022/May/38 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/03/25/2 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/03/26/1 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf cve-icon cve-icon
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 cve-icon cve-icon
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12 cve-icon cve-icon
https://github.com/madler/zlib/issues/605 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-25032 cve-icon
https://security.gentoo.org/glsa/202210-42 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20220526-0009/ cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20220729-0004/ cve-icon cve-icon
https://support.apple.com/kb/HT213255 cve-icon cve-icon
https://support.apple.com/kb/HT213256 cve-icon cve-icon
https://support.apple.com/kb/HT213257 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-25032 cve-icon
https://www.debian.org/security/2022/dsa-5111 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2022/03/24/1 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2022/03/28/1 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2022/03/28/3 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
History

Thu, 21 Aug 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Tue, 06 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 28 Mar 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Nokogiri
Nokogiri nokogiri
CPEs cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*
Vendors & Products Nokogiri
Nokogiri nokogiri

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-05-06T14:19:53.894Z

Reserved: 2022-03-25T00:00:00.000Z

Link: CVE-2018-25032

cve-icon Vulnrichment

Updated: 2024-08-05T12:26:39.599Z

cve-icon NVD

Status : Analyzed

Published: 2022-03-25T09:15:08.187

Modified: 2025-08-21T20:37:11.840

Link: CVE-2018-25032

cve-icon Redhat

Severity : Important

Publid Date: 2018-04-20T00:00:00Z

Links: CVE-2018-25032 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses