{"id":"ALPINE-CVE-2022-37434","details":"zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).","modified":"2025-12-03T22:50:43.469206Z","published":"2022-08-05T07:15:07.240Z","upstream":["CVE-2022-37434"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2022-37434"}],"affected":[{"package":{"name":"zlib","ecosystem":"Alpine:v3.11","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.11-r4"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.12","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.13","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.14","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.15","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.16","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.11-r4","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.17","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.11-r4","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.18","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.11-r4","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.19","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.11-r4","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.11-r4","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.11-r4","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.11-r4","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/zlib?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.12-r2"}]}],"versions":["1.2.10-r0","1.2.11-r0","1.2.11-r1","1.2.11-r2","1.2.11-r3","1.2.11-r4","1.2.12-r0","1.2.12-r1","1.2.3.3-r2","1.2.3.3-r3","1.2.3.3-r4","1.2.3.3-r5","1.2.3.3-r6","1.2.3.3-r7","1.2.3.4-r0","1.2.3.4-r1","1.2.3.7-r0","1.2.3.7-r1","1.2.3.9-r0","1.2.4-r0","1.2.4-r1","1.2.5-r0","1.2.5-r1","1.2.5-r2","1.2.6-r0","1.2.7-r0","1.2.7-r1","1.2.8-r0","1.2.8-r1","1.2.8-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}},{"package":{"name":"zlib-ng","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/zlib-ng?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.6-r0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2022-37434.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}