VDB
ALPINE-CVE-2022-37434
ALPINE-CVE-2022-37434
PUBLISHED
CVSS 9.800000190734863 CRITICAL
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.20 | zlib | 1.2.3.7-r0, 1.2.11-r2, 1.2.11-r3 |
| Alpine:v3.12 | zlib | 1.2.3.4-r1, 1.2.3.3-r7, 1.2.3.3-r6 |
| Alpine:v3.23 | zlib-ng | 0, 0, 0 |
| Alpine:v3.19 | zlib | 1.2.3.3-r2, 1.2.8-r1, 1.2.8-r2 |
| Alpine:v3.22 | zlib | 1.2.3.3-r6, 1.2.11-r4, 1.2.8-r0 |
| Alpine:v3.24 | zlib-ng | 0 |
| Alpine:v3.23 | zlib | 1.2.12-r0, 1.2.3.3-r7, 1.2.3.4-r0 |
| Alpine:v3.14 | zlib | 1.2.11-r0, 0, 1.2.10-r0 |
| Alpine:v3.15 | zlib | 1.2.3.3-r5, 1.2.4-r0, 1.2.4-r1 |
| Alpine:v3.13 | zlib | 1.2.11-r2, 0, 1.2.6-r0 |
| Alpine:v3.24 | zlib | 0 |
| Alpine:v3.21 | zlib | 1.2.8-r1, 1.2.12-r0, 1.2.3.3-r5 |
| Alpine:v3.17 | zlib | 1.2.8-r1, 1.2.8-r1, 1.2.8-r2 |
| Alpine:v3.18 | zlib | 1.2.5-r2, 1.2.3.7-r1, 1.2.5-r0 |
| Alpine:v3.16 | zlib | 1.2.3.3-r4, 1.2.3.9-r0, 1.2.4-r0 |
| Alpine:v3.11 | zlib | 0, 1.2.8-r2, 1.2.8-r1 |
Timeline
- Aug 5, 2022 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated