VDB
CVE-2022-43928
CVE-2022-43928
PUBLISHED
CVSS 7.5 HIGH
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
EPSS 0.10% · 26.5th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.10%
26.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
Exploit Intelligence
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Apache synapse 反序列化 CVE–2017–15708 (github-poc)
- Proof of concept for CVE-2016-8858 (github-poc)
- Proof of concept for CVE-2016-8858 (github-poc)
- Proof of concept for CVE-2016-8858 (github-poc)
- Proof of concept for CVE-2016-8858 (github-poc)
- A proof of concept for CVE-2016-6515 (github-poc)
- A proof of concept for CVE-2016-6515 (github-poc)
…and 571 more exploits
Timeline
- Apr 30, 2017 PoC Published
- Jun 28, 2021 PoC Published
- Apr 22, 2022 PoC Published
- Mar 31, 2023 CVE Published
- Apr 8, 2023 EPSS Score
- May 16, 2023 EPSS Score
- Jun 9, 2023 PoC Published
- Jun 23, 2023 EPSS Score
- Jul 15, 2023 PoC Published
- Jul 31, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
- Oct 5, 2023 PoC Published
References
- https://www.ibm.com/support/pages/node/6967016 advisory
- https://www.ibm.com/support/pages/node/6967283 advisory
- https://www.ibm.com/support/pages/node/6967285 advisory
- https://www.ibm.com/support/pages/node/6966998 advisory
- https://www.ibm.com/support/pages/node/6967315 advisory
- https://www.openwall.com/lists/oss-security/2022/03/24/1 url
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 url
- [oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress) mailing-list
- [oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress) mailing-list
- DSA-5111 vendor-advisory
- [debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update mailing-list
- FEDORA-2022-413a80a102 vendor-advisory
- FEDORA-2022-dbd2935e44 vendor-advisory
- FEDORA-2022-12b89e2aad vendor-advisory
- [debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update mailing-list
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina mailing-list
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 mailing-list
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4 mailing-list
- FEDORA-2022-61cf1c64f6 vendor-advisory
- https://www.oracle.com/security-alerts/cpujul2022.html url
…and 17 more