CVE-2018-25032
Description
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.089
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-32091, CVE-2022-32084, CVE-2018-25032 are fixed in MariaDB MariaDB 10.3.36 | Windows |
| Multiple vulnerabilities fixed in MariaDB MariaDB 10.4.26 | Windows |
| Multiple vulnerabilities fixed in MariaDB MariaDB 10.5.17 | Windows |
| Multiple vulnerabilities fixed in MariaDB MariaDB 10.6.9 | Windows |
| Multiple vulnerabilities fixed in MariaDB MariaDB 10.7.5 | Windows |
| Multiple vulnerabilities fixed in MariaDB MariaDB 10.8.4 | Windows |
| Multiple vulnerabilities fixed in MariaDB MariaDB 10.9.2 | Windows |
| Vulnerabilities CVE-2018-25032 are fixed in MariaDB MariaDB Connector/C 3.1.17 | Windows |
| Vulnerabilities CVE-2018-25032 are fixed in MariaDB MariaDB Connector/C 3.2.7 | Windows |
| Vulnerabilities CVE-2018-25032 are fixed in MariaDB MariaDB Connector/C 3.3.1 | Windows |
| Vulnerabilities CVE-2018-25032, CVE-2022-1292, CVE-2022-21515, CVE-2022-27778 are affected in MySQL 5.7.38 | Windows |
| Multiple vulnerabilities are affected in MySQL 8.0.29 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 17 (17.54.21) | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 17 (x64) (17.54.21) | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.62 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.62 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.56 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 13 13.48 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 17 17.34 | Windows |
| Multiple vulnerabilities are fixed in Azul Zulu JDK 17 (x64) 17.34 | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.2.0.20130) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (10.2.0.20130) | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 10.2.0 | Windows |
| Vulnerabilities CVE-2022-24836, CVE-2018-25032 are fixed in Ruby-nokogiri 1.13.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.4 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 8.0 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.0 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.1 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.2 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.18 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.5.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Faspex 4.4.2 | Windows |
| Vulnerabilities CVE-2018-25032, CVE-2022-27664 are affected in IBM Spectrum Protect Server 8.1.16 | Windows |
| Multiple vulnerabilities are fixed in Mac OS - Monterey 12.4 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.6 - Software Update | Mac |
| SUSE-SU-2022:1023-1(SUSE Linux Enterprise Server 12-SP5 ) libz1-1.2.11-11.19.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1023-1(SUSE Linux Enterprise Server 12-SP5 ) libz1-32bit-1.2.11-11.19.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1023-1(SUSE Linux Enterprise Server 12-SP5 ) libz1-debuginfo-1.2.11-11.19.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1023-1(SUSE Linux Enterprise Server 12-SP5 ) libz1-debuginfo-32bit-1.2.11-11.19.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1023-1(SUSE Linux Enterprise Server 12-SP5 ) zlib-debugsource-1.2.11-11.19.1.x86_64.rpm | Linux |
| SUSE-SU-2022:1023-1(SUSE Linux Enterprise Server 12-SP5 ) zlib-devel-1.2.11-11.19.1.x86_64.rpm | Linux |
| Lossless data-compression library (USN-5355-1) zlib1g_1.2.11.dfsg-0ubuntu2.1_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) zlib1g_1.2.11.dfsg-0ubuntu2.1_amd64.deb | Linux |
| Lossless data-compression library (USN-5355-1) zlib1g_1.2.11.dfsg-2ubuntu1.5_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) zlib1g_1.2.11.dfsg-2ubuntu1.5_amd64.deb | Linux |
| Lossless data-compression library (USN-5355-1) zlib1g_1.2.11.dfsg-2ubuntu7.1_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) zlib1g_1.2.11.dfsg-2ubuntu7.1_amd64.deb | Linux |
| Lossless data-compression library (USN-5355-1) lib32z1_1.2.11.dfsg-0ubuntu2.1_amd64.deb | Linux |
| Lossless data-compression library (USN-5355-1) lib32z1_1.2.11.dfsg-2ubuntu1.5_amd64.deb | Linux |
| Lossless data-compression library (USN-5355-1) lib32z1_1.2.11.dfsg-2ubuntu7.1_amd64.deb | Linux |
| Lossless data-compression library (USN-5355-1) lib64z1_1.2.11.dfsg-0ubuntu2.2_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) lib64z1_1.2.11.dfsg-2ubuntu1.5_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) lib64z1_1.2.11.dfsg-2ubuntu7.1_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) libx32z1_1.2.11.dfsg-0ubuntu2.2_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) libx32z1_1.2.11.dfsg-0ubuntu2.2_amd64.deb | Linux |
| Lossless data-compression library (USN-5355-1) libx32z1_1.2.11.dfsg-2ubuntu1.5_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) libx32z1_1.2.11.dfsg-2ubuntu1.5_amd64.deb | Linux |
| Lossless data-compression library (USN-5355-1) libx32z1_1.2.11.dfsg-2ubuntu7.1_i386.deb | Linux |
| Lossless data-compression library (USN-5355-1) libx32z1_1.2.11.dfsg-2ubuntu7.1_amd64.deb | Linux |
| Zlib update (ELSA-2022-1642) zlib-1.2.11-18.el8_5.i686.rpm | Linux |
| Zlib update (ELSA-2022-1642) zlib-1.2.11-18.el8_5.x86_64.rpm | Linux |
| Zlib-devel update (ELSA-2022-1642) zlib-devel-1.2.11-18.el8_5.i686.rpm | Linux |
| Zlib-devel update (ELSA-2022-1642) zlib-devel-1.2.11-18.el8_5.x86_64.rpm | Linux |
| Zlib-static update (ELSA-2022-1642) zlib-static-1.2.11-18.el8_5.i686.rpm | Linux |
| Zlib-static update (ELSA-2022-1642) zlib-static-1.2.11-18.el8_5.x86_64.rpm | Linux |
| (RHSA-2022:1642) zlib security update zlib-debugsource-1.2.11-18.el8_5.i686.rpm | Linux |
| (RHSA-2022:1642) zlib security update zlib-debugsource-1.2.11-18.el8_5.x86_64.rpm | Linux |
| Minizip update (ELSA-2022-2213) minizip-1.2.7-20.el7_9.i686.rpm | Linux |
| Minizip update (ELSA-2022-2213) minizip-1.2.7-20.el7_9.x86_64.rpm | Linux |
| Minizip-devel update (ELSA-2022-2213) minizip-devel-1.2.7-20.el7_9.i686.rpm | Linux |
| Minizip-devel update (ELSA-2022-2213) minizip-devel-1.2.7-20.el7_9.x86_64.rpm | Linux |
| Zlib update (ELSA-2022-2213) zlib-1.2.7-20.el7_9.i686.rpm | Linux |
| Zlib update (ELSA-2022-2213) zlib-1.2.7-20.el7_9.x86_64.rpm | Linux |
| Zlib-devel update (ELSA-2022-2213) zlib-devel-1.2.7-20.el7_9.i686.rpm | Linux |
| Zlib-devel update (ELSA-2022-2213) zlib-devel-1.2.7-20.el7_9.x86_64.rpm | Linux |
| Zlib-static update (ELSA-2022-2213) zlib-static-1.2.7-20.el7_9.i686.rpm | Linux |
| Zlib-static update (ELSA-2022-2213) zlib-static-1.2.7-20.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:2213) zlib security update zlib-static-1.2.7-20.el7_9.i686.rpm | Linux |
| (RHSA-2022:2213) zlib security update zlib-static-1.2.7-20.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:2201) rsync security update rsync-daemon-3.1.3-14.el8_6.2.noarch.rpm | Linux |
| (RHSA-2022:2201) rsync security update rsync-debugsource-3.1.3-14.el8_6.2.x86_64.rpm | Linux |
| Rsync update (ELSA-2022-2201) rsync-3.1.3-14.el8_6.2.x86_64.rpm | Linux |
| Rsync-daemon update (ELSA-2022-2201) rsync-daemon-3.1.3-14.el8_6.2.noarch.rpm | Linux |
| MariaDB database (USN-5739-1) mariadb-server_10.3.37-0ubuntu0.20.04.1_all.deb | Linux |
| MariaDB database (USN-5739-1) mariadb-server_10.6.11-0ubuntu0.22.04.1_all.deb | Linux |
| MariaDB database (USN-5739-1) mariadb-server_10.6.11-0ubuntu0.22.10.1_all.deb | Linux |
| Zlib update (ELSA-2022-4584) zlib-1.2.11-31.el9_0.1.i686.rpm | Linux |
| Zlib update (ELSA-2022-4584) zlib-1.2.11-31.el9_0.1.x86_64.rpm | Linux |
| Zlib-devel update (ELSA-2022-4584) zlib-devel-1.2.11-31.el9_0.1.i686.rpm | Linux |
| Zlib-devel update (ELSA-2022-4584) zlib-devel-1.2.11-31.el9_0.1.x86_64.rpm | Linux |
| Rsync update (ELSA-2022-4592) rsync-3.2.3-9.el9_0.1.x86_64.rpm | Linux |
| Rsync-daemon update (ELSA-2022-4592) rsync-daemon-3.2.3-9.el9_0.1.noarch.rpm | Linux |
| Judy update (ELSA-2023-5259) Judy-1.0.5-18.0.1.module+el8.3.0+9616+7a81225f.i686.rpm | Linux |
| Judy update (ELSA-2023-5259) Judy-1.0.5-18.0.1.module+el8.3.0+9616+7a81225f.x86_64.rpm | Linux |
| Galera update (ELSA-2023-5259) galera-25.3.37-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb update (ELSA-2023-5259) mariadb-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-backup update (ELSA-2023-5259) mariadb-backup-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-common update (ELSA-2023-5259) mariadb-common-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-devel update (ELSA-2023-5259) mariadb-devel-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-embedded update (ELSA-2023-5259) mariadb-embedded-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-embedded-devel update (ELSA-2023-5259) mariadb-embedded-devel-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-errmsg update (ELSA-2023-5259) mariadb-errmsg-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-gssapi-server update (ELSA-2023-5259) mariadb-gssapi-server-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-oqgraph-engine update (ELSA-2023-5259) mariadb-oqgraph-engine-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-server update (ELSA-2023-5259) mariadb-server-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-server-galera update (ELSA-2023-5259) mariadb-server-galera-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-server-utils update (ELSA-2023-5259) mariadb-server-utils-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| Mariadb-test update (ELSA-2023-5259) mariadb-test-10.3.39-1.module+el8.8.0+21165+f6462f70.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| zlib security update (RLSA-2022:1642) zlib-1.2.11-18.el8_5.i686.rpm | Linux |
| zlib security update (RLSA-2022:1642) zlib-1.2.11-18.el8_5.x86_64.rpm | Linux |
| zlib security update (RLSA-2022:1642) zlib-devel-1.2.11-18.el8_5.i686.rpm | Linux |
| zlib security update (RLSA-2022:1642) zlib-devel-1.2.11-18.el8_5.x86_64.rpm | Linux |
| small utilities built with klibc for early boot (USN-6736-2) klibc-utils_2.0.13-4ubuntu0.1_amd64.deb | Linux |
| small utilities built with klibc for early boot (USN-6736-2) klibc-utils_2.0.13-4ubuntu0.1_i386.deb | Linux |
| small utilities built with klibc for early boot (USN-6736-2) libklibc_2.0.13-4ubuntu0.1_amd64.deb | Linux |
| small utilities built with klibc for early boot (USN-6736-2) libklibc_2.0.13-4ubuntu0.1_i386.deb | Linux |
| rsync Security Update (ALAS-2023-002) rsync-3.2.6-1.amzn2023.0.3.x86_64.rpm | Linux |
| rsync Security Update (ALAS-2023-002) rsync-daemon-3.2.6-1.amzn2023.0.3.noarch.rpm | Linux |
| Vulnerabilities CVE-2022-24836, CVE-2018-25032 are fixed in Ruby-nokogiri for Linux 1.13.4 | Linux |
| zlib Security Update (ALAS2023-2023-003) minizip-compat-1.2.11-33.amzn2023.0.4.x86_64.rpm | Linux |
| zlib Security Update (ALAS2023-2023-003) minizip-compat-devel-1.2.11-33.amzn2023.0.4.x86_64.rpm | Linux |
| zlib Security Update (ALAS2023-2023-003) zlib-1.2.11-33.amzn2023.0.4.x86_64.rpm | Linux |
| zlib Security Update (ALAS2023-2023-003) zlib-devel-1.2.11-33.amzn2023.0.4.x86_64.rpm | Linux |
| zlib Security Update (ALAS2023-2023-003) zlib-static-1.2.11-33.amzn2023.0.4.x86_64.rpm | Linux |
| rsync Security Update (ALAS2023-2023-002) rsync-3.2.6-1.amzn2023.0.3.x86_64.rpm | Linux |
| rsync Security Update (ALAS2023-2023-002) rsync-daemon-3.2.6-1.amzn2023.0.3.noarch.rpm | Linux |
| Out-of-bounds Write Vulnerability (CVE-2018-25032) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-342219 | Azul Zulu JDK 17 (17.54.21) |
| PATCH-342220 | Azul Zulu JDK 17 (x64) (17.54.21) |
| PATCH-342222 | Azul Zulu JDK 8 (MSI) (8.82.0.21) |
| PATCH-342223 | Azul Zulu JDK 8 (MSI) (x64) (8.82.0.21) |
| PATCH-342218 | Azul Zulu JDK 11 (MSI) (x64) (11.76.21) |
| PATCH-328592 | Azul Zulu JDK 13 (13.54.17) |
| PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required) |
| PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required) |
| PATCH-608134 | Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877) |
| PATCH-605753 | MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064) |