PT-2022-2042 · Zlib+16

Published: 2018-04-20 · Updated: 2026-03-13 · CVE-2018-25032

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions

zlib versions 1.2.11 through 1.2.12

Description

The issue is related to memory corruption when deflating, i.e., when compressing, if the input has many distant matches. This can lead to a buffer overflow in memory. An attacker could potentially exploit this issue by sending specially crafted data to an application, resulting in a denial of service or possibly more severe consequences, although the full extent of the potential impact has not been studied. The vulnerability can be exploited by an attacker with network access via multiple protocols.

Recommendations

For zlib versions 1.2.11 through 1.2.12, update to release 1.2.12 or later for additional bug fixes. As a temporary workaround, consider restricting the input to the deflation function to prevent memory corruption until a patch is available.

Exploit

Fix

DoS

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2022:1642
ALSA-2022:2201
ALSA-2022:7813
ALSA-2022:8420
ALSA-2025_16880
ALT-PU-2022-1706
ALT-PU-2022-2027
ALT-PU-2022-2061
ALT-PU-2022-2418
ALT-PU-2022-2436
ALT-PU-2022-2446
ALT-PU-2022-2552
ALT-PU-2022-3102
ALT-PU-2022-3232
ALT-PU-2023-1518
ALT-PU-2023-1583
ALT-PU-2023-1912
ALT-PU-2023-4266
ALT-PU-2023-6462
ALT-PU-2024-2598
ALT-PU-2024-3474
ALT-PU-2024-7812
AZL-26135
AZL-26156
AZL-26164
AZL-42715
AZL-42759
AZL-43675
AZL-43678
AZL-43753
AZL-43990
AZL-44181
AZL-44466
AZL-44919
AZL-45177
AZL-45231
AZL-9143
BDU:2022-01641
CESA-2022_1642
CESA-2022_2201
CESA-2022_2213
CESA-2022_7813
CVE-2018-25032
DLA-2968-1
DLA-2993-1
DLA-3114-1
DLA-3114-2
DSA-5111-1
FREEBSD-SA-22_08
GHSA-JC36-42CF-VQWJ
GHSA-V6GP-9MMM-C6P5
INFSA-2022_7813
MGASA-2022-0124
MGASA-2022-0314
OESA-2022-1651
OPENSUSE-SU-2022:10126-1
OPENSUSE-SU-2022:1061-1
OPENSUSE-SU-2022_1061-1
OPENSUSE-SU-2024:11966-1
OPENSUSE-SU-2024:11999-1
OPENSUSE-SU-2024:12021-1
OPENSUSE-SU-2024:12042-1
OPENSUSE-SU-2024:12068-1
OPENSUSE-SU-2024:12097-1
OPENSUSE-SU-2024:12360-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:13629-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14656-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
PSF-2022-3
RHSA-2022:1591
RHSA-2022:1642
RHSA-2022:1661
RHSA-2022:2192
RHSA-2022:2197
RHSA-2022:2198
RHSA-2022:2201
RHSA-2022:2213
RHSA-2022:2214
RHSA-2022:4584
RHSA-2022:4592
RHSA-2022:4845
RHSA-2022:4896
RHSA-2022:5439
RHSA-2022:7813
RHSA-2022:8420
RHSA-2022_1642
RHSA-2022_2201
RHSA-2022_2213
RHSA-2022_2214
RHSA-2022_4584
RHSA-2022_4592
RHSA-2022_7813
RHSA-2022_8420
RHSA-2023:0943
RHSA-2023:0975
RHSA-2023:0976
RLSA-2022:1642
RLSA-2022:2201
ROSA-SA-2024-2463
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2022:1023-1
SUSE-SU-2022:1043-1
SUSE-SU-2022:1061-1
SUSE-SU-2022:1061-2
SUSE-SU-2022:1062-1
SUSE-SU-2022:14929-1
SUSE-SU-2022:3225-1
SUSE-SU-2022_1023-1
SUSE-SU-2022_1043-1
SUSE-SU-2022_1061-1
SUSE-SU-2022_1062-1
SUSE-SU-2022_14929-1
SUSE-SU-2022_3225-1
USN-5355-1
USN-5355-2
USN-5359-1
USN-5359-2
USN-5739-1
USN-5739-2
USN-6736-1
USN-6736-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
FreeBSD
IBM AIX
Linux Mint
Apple macOS
MariaDB Server
MySQL Server
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
zlib