Your submission was sent successfully! Close

CVE-2018-25032

Published: 25 March 2022

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Notes

AuthorNote
mdeslaur
since 3.1.3-7, rsync builds with the system zlib
Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
bionic
Released (3.1.2-2.1ubuntu1.4)
focal
Released (3.1.3-8ubuntu0.3)
impish Not vulnerable
(uses system zlib)
jammy Not vulnerable
(uses system zlib)
trusty Not vulnerable
(uses system zlib)
upstream
Released (3.2.4)
xenial
Released (3.1.1-3ubuntu1.3+esm1)
zlib
Launchpad, Ubuntu, Debian
bionic
Released (1:1.2.11.dfsg-0ubuntu2.1)
focal
Released (1:1.2.11.dfsg-2ubuntu1.3)
impish
Released (1:1.2.11.dfsg-2ubuntu7.1)
jammy
Released (1:1.2.11.dfsg-2ubuntu9)
trusty
Released (1:1.2.8.dfsg-1ubuntu1.1+esm1)
upstream
Released (1.2.12)
xenial
Released (1:1.2.8.dfsg-2ubuntu4.3+esm1)
Patches:
upstream: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
upstream: https://github.com/madler/zlib/commit/4346a16853e19b45787ce933666026903fb8f3f8 (related)