PT-2022-4459 · Unknown+16 · MySQL Server+15

Evgeny Legerov · Published 2022-08-05 · Updated 2026-03-10 · CVE-2022-37434

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

zlib versions 1.2.12 and earlier
MySQL Server versions 5.7.41 and earlier, 8.0.31 and earlier

Description

The issue is related to a heap-based buffer over-read or buffer overflow in the inflate function of the zlib library, specifically in the inflate.c component. This can be triggered by a large gzip header extra field. Only applications that call inflateGetHeader are affected. The exploitation of this issue may allow a remote attacker to execute arbitrary code on the system. It is also noted that some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader.

Recommendations

For zlib versions 1.2.12 and earlier, update to a version that includes improved checks to address the heap-based buffer overflow issue. For MySQL Server versions 5.7.41 and earlier, 8.0.31 and earlier, consider restricting access to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the inflateGetHeader function in affected applications until a patch is available.
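For triage, the two conditions named above (a zlib build in the affected range, and gzip input whose header carries an extra field) can be checked without decompressing anything. The following is an added example, not part of the original advisory or of zlib; the function names, the `review` flag and the sample bytes are assumptions made for illustration.

```python
import struct
import zlib

FEXTRA = 0x04  # RFC 1952 FLG bit: header carries an "extra field"


def gzip_extra_len(data: bytes):
    """Return the declared extra-field length (XLEN) of a gzip header,
    or None when FEXTRA is not set. Raises ValueError on non-gzip input."""
    # Fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS = 10 bytes
    if len(data) < 10 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip (deflate) stream")
    if not data[3] & FEXTRA:
        return None
    if len(data) < 12:
        raise ValueError("truncated before XLEN")
    return struct.unpack_from("<H", data, 10)[0]  # little-endian u16


def in_affected_range(version: str) -> bool:
    """True for the range the advisory gives: zlib 1.2.12 and earlier.
    Version strings only; distro packages with a backported fix keep an
    old number, so confirm against the vendor advisory."""
    nums = []
    for part in version.split("."):
        if not part.isdigit():
            break
        nums.append(int(part))
    return tuple(nums) <= (1, 2, 12)


def triage(data: bytes, version: str = zlib.ZLIB_RUNTIME_VERSION) -> dict:
    """Combine both checks for one input and one zlib build."""
    xlen = gzip_extra_len(data)
    affected = in_affected_range(version)
    return {"xlen": xlen, "affected_range": affected,
            "review": affected and xlen is not None}


# Constructed sample: gzip header only, with one empty 4-byte subfield.
SAMPLE_WITH_EXTRA = (b"\x1f\x8b\x08\x04" + b"\x00" * 4 + b"\x00\xff"
                     + b"\x04\x00" + b"AB\x00\x00")

if __name__ == "__main__":
    print(triage(SAMPLE_WITH_EXTRA))
```

The check says nothing about whether the consuming application calls inflateGetHeader, which the description gives as the precondition for being affected.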

Exploit

Fix

DoS

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2022:7106
ALSA-2022:7314
ALSA-2022:7793
ALSA-2022:8291
ALSA-2022_7106
ALSA-2022_7314
ALSA-2022_7793
ALSA-2022_8291
ALSA-2024_1141
ALSA-2025_16880
ALSA-2025_8395
ALT-PU-2022-2364
ALT-PU-2022-2365
ALT-PU-2022-2434
ALT-PU-2022-2477
ALT-PU-2022-2506
ALT-PU-2022-2984
ALT-PU-2022-3232
ALT-PU-2023-1687
ALT-PU-2023-7320
ALT-PU-2023-7463
ALT-PU-2023-7647
ALT-PU-2023-7888
AZL-10470
AZL-41380
AZL-42760
AZL-43906
AZL-44121
AZL-44136
AZL-44268
AZL-44358
AZL-44769
AZL-44991
AZL-45096
AZL-45276
BDU:2022-05325
CESA-2022_7106
CESA-2022_7793
CESA-2023_1095
CVE-2022-37434
DLA-3103-1
DSA-5218-1
ELSA-2022-7106
ELSA-2022-7314
ELSA-2022-7793
ELSA-2022-8291
ELSA-2022-9987
ELSA-2022-9988
ELSA-2023-1095
FREEBSD-SA-22_13
MGASA-2022-0328
OESA-2022-1843
OESA-2022-1853
OESA-2022-1892
OESA-2022-1973
OESA-2022-2003
OESA-2023-1285
OPENSUSE-SU-2022:2947-1
OPENSUSE-SU-2022_2947-1
OPENSUSE-SU-2023:0365-1
OPENSUSE-SU-2023:0366-1
OPENSUSE-SU-2024:12270-1
OPENSUSE-SU-2024:12298-1
OPENSUSE-SU-2024:12367-1
OPENSUSE-SU-2024:12843-1
OPENSUSE-SU-2024:13367-1
OPENSUSE-SU-2024:14386-1
RHSA-2022:7106
RHSA-2022:7314
RHSA-2022:7793
RHSA-2022:8291
RHSA-2022_7106
RHSA-2022_7314
RHSA-2022_7793
RHSA-2022_8291
RHSA-2023:1095
RHSA-2023_1095
RHSA-2024:0254
RLSA-2022:7106
RLSA-2022:7314
RLSA-2022:7793
RLSA-2022:8291
RLSA-2022_7106
RLSA-2022_7314
RLSA-2022_7793
RLSA-2022_8291
ROSA-SA-2023-2131
ROSA-SA-2024-2463
SUSE-SU-2022:2845-1
SUSE-SU-2022:2846-1
SUSE-SU-2022:2847-1
SUSE-SU-2022:2947-1
SUSE-SU-2022_2845-1
SUSE-SU-2022_2846-1
SUSE-SU-2022_2847-1
SUSE-SU-2022_2947-1
USN-5570-1
USN-5570-2
USN-5573-1
USN-6736-1
USN-6736-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
FreeBSD
IBM AIX
Linux Mint
Apple macOS
MySQL Server
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
zlib