Details of VAR-202203-1690

ID

VAR-202203-1690

CVE

CVE-2018-25032

TITLE

Red Hat Security Advisory 2022-2218-01

Trust: 0.1

sources: PACKETSTORM: 167140

DESCRIPTION

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. Solution: For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2334 - [release-5.3] Events listing out of order in Kibana 6.8.1 LOG-2450 - http.max_header_size set to 128kb causes communication with elasticsearch to stop working LOG-2481 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.3] 6. Bugs fixed (https://bugzilla.redhat.com/): 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 5. 8) - aarch64, ppc64le, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-5355-1 March 30, 2022 zlib vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: zlib could be made to crash or run programs if it received specially crafted input. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: lib32z1 1:1.2.11.dfsg-2ubuntu7.1 lib64z1 1:1.2.11.dfsg-2ubuntu7.1 libx32z1 1:1.2.11.dfsg-2ubuntu7.1 zlib1g 1:1.2.11.dfsg-2ubuntu7.1 Ubuntu 20.04 LTS: lib32z1 1:1.2.11.dfsg-2ubuntu1.3 lib64z1 1:1.2.11.dfsg-2ubuntu1.3 libx32z1 1:1.2.11.dfsg-2ubuntu1.3 zlib1g 1:1.2.11.dfsg-2ubuntu1.3 Ubuntu 18.04 LTS: lib32z1 1:1.2.11.dfsg-0ubuntu2.1 lib64z1 1:1.2.11.dfsg-0ubuntu2.1 libx32z1 1:1.2.11.dfsg-0ubuntu2.1 zlib1g 1:1.2.11.dfsg-0ubuntu2.1 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: zlib security update Advisory ID: RHSA-2022:2213-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2213 Issue date: 2022-05-11 CVE Names: CVE-2018-25032 ==================================================================== 1. Summary: An update for zlib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fix(es): * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: zlib-1.2.7-20.el7_9.src.rpm x86_64: zlib-1.2.7-20.el7_9.i686.rpm zlib-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: minizip-1.2.7-20.el7_9.i686.rpm minizip-1.2.7-20.el7_9.x86_64.rpm minizip-devel-1.2.7-20.el7_9.i686.rpm minizip-devel-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20.el7_9.x86_64.rpm zlib-devel-1.2.7-20.el7_9.i686.rpm zlib-devel-1.2.7-20.el7_9.x86_64.rpm zlib-static-1.2.7-20.el7_9.i686.rpm zlib-static-1.2.7-20.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: zlib-1.2.7-20.el7_9.src.rpm x86_64: zlib-1.2.7-20.el7_9.i686.rpm zlib-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: minizip-1.2.7-20.el7_9.i686.rpm minizip-1.2.7-20.el7_9.x86_64.rpm minizip-devel-1.2.7-20.el7_9.i686.rpm minizip-devel-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20.el7_9.x86_64.rpm zlib-devel-1.2.7-20.el7_9.i686.rpm zlib-devel-1.2.7-20.el7_9.x86_64.rpm zlib-static-1.2.7-20.el7_9.i686.rpm zlib-static-1.2.7-20.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: zlib-1.2.7-20.el7_9.src.rpm ppc64: zlib-1.2.7-20.el7_9.ppc.rpm zlib-1.2.7-20.el7_9.ppc64.rpm zlib-debuginfo-1.2.7-20.el7_9.ppc.rpm zlib-debuginfo-1.2.7-20.el7_9.ppc64.rpm zlib-devel-1.2.7-20.el7_9.ppc.rpm zlib-devel-1.2.7-20.el7_9.ppc64.rpm ppc64le: zlib-1.2.7-20.el7_9.ppc64le.rpm zlib-debuginfo-1.2.7-20.el7_9.ppc64le.rpm zlib-devel-1.2.7-20.el7_9.ppc64le.rpm s390x: zlib-1.2.7-20.el7_9.s390.rpm zlib-1.2.7-20.el7_9.s390x.rpm zlib-debuginfo-1.2.7-20.el7_9.s390.rpm zlib-debuginfo-1.2.7-20.el7_9.s390x.rpm zlib-devel-1.2.7-20.el7_9.s390.rpm zlib-devel-1.2.7-20.el7_9.s390x.rpm x86_64: zlib-1.2.7-20.el7_9.i686.rpm zlib-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20.el7_9.x86_64.rpm zlib-devel-1.2.7-20.el7_9.i686.rpm zlib-devel-1.2.7-20.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: minizip-1.2.7-20.el7_9.ppc.rpm minizip-1.2.7-20.el7_9.ppc64.rpm minizip-devel-1.2.7-20.el7_9.ppc.rpm minizip-devel-1.2.7-20.el7_9.ppc64.rpm zlib-debuginfo-1.2.7-20.el7_9.ppc.rpm zlib-debuginfo-1.2.7-20.el7_9.ppc64.rpm zlib-static-1.2.7-20.el7_9.ppc.rpm zlib-static-1.2.7-20.el7_9.ppc64.rpm ppc64le: minizip-1.2.7-20.el7_9.ppc64le.rpm minizip-devel-1.2.7-20.el7_9.ppc64le.rpm zlib-debuginfo-1.2.7-20.el7_9.ppc64le.rpm zlib-static-1.2.7-20.el7_9.ppc64le.rpm s390x: minizip-1.2.7-20.el7_9.s390.rpm minizip-1.2.7-20.el7_9.s390x.rpm minizip-devel-1.2.7-20.el7_9.s390.rpm minizip-devel-1.2.7-20.el7_9.s390x.rpm zlib-debuginfo-1.2.7-20.el7_9.s390.rpm zlib-debuginfo-1.2.7-20.el7_9.s390x.rpm zlib-static-1.2.7-20.el7_9.s390.rpm zlib-static-1.2.7-20.el7_9.s390x.rpm x86_64: minizip-1.2.7-20.el7_9.i686.rpm minizip-1.2.7-20.el7_9.x86_64.rpm minizip-devel-1.2.7-20.el7_9.i686.rpm minizip-devel-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20.el7_9.x86_64.rpm zlib-static-1.2.7-20.el7_9.i686.rpm zlib-static-1.2.7-20.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: zlib-1.2.7-20.el7_9.src.rpm x86_64: zlib-1.2.7-20.el7_9.i686.rpm zlib-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20.el7_9.x86_64.rpm zlib-devel-1.2.7-20.el7_9.i686.rpm zlib-devel-1.2.7-20.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: minizip-1.2.7-20.el7_9.i686.rpm minizip-1.2.7-20.el7_9.x86_64.rpm minizip-devel-1.2.7-20.el7_9.i686.rpm minizip-devel-1.2.7-20.el7_9.x86_64.rpm zlib-debuginfo-1.2.7-20.el7_9.i686.rpm zlib-debuginfo-1.2.7-20.el7_9.x86_64.rpm zlib-static-1.2.7-20.el7_9.i686.rpm zlib-static-1.2.7-20.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw1+9zjgjWX9erEAQhePQ//UtM5hhHSzE0ZKC4Z9/u34cRNcqIc5nmT opYgZo/hPWp5kkh0R9/tAMWAEa7olBzfzsxulOkm2I65R6k/+fLKaXeQOcwMAkSH gyKBU2TG3+ziT1BrsXBDWAse9mqU+zX7t9rDUZ8u9g30qr/9xrDtrVb0b4Sypslf K5CEMHoskqCnHdl2j+vPOyOCwq8KxLMPBAYtY/X51JwLtT8thvmCQrPWANvWjoSq nDhdVsWpBtPNnsgBqg8Jv+9YhEHJTaa3wVPVorzgP2Bo4W8gmiiukSK9Sv3zcCTu lJnSolqBBU7NmGdQooPrUlUoqJUKXfFXgu+mjybTym8Fdoe0lnxLFSvoEeAr9Swo XlFeBrOR8F5SO16tYKCAtyhafmJn+8MisTPN0NmUD7VLAJ0FzhEk48dlLl5+EoAy AlxiuqgKh+O1zFRN80RSvYkPjWKU6KyK8QJaSKdroGcMjNkjhZ3cM6bpVP6V75F3 CcLZWlP5d18qgfL/SRZo8NG23h+Fzz6FWNSQQZse27NS3BZsM4PVsHF5oaRN3Vij AFwDmIhHL7pE8pZaWck7qevt3i/hwzwYWV5VYYRgkYQIvveE0WUM/kqm+wqlU50Y bbpALcI5h9b83JgteVQG0hf9h5avYzgGrfbj+FOEVPPN86K37ILDvT45VcSjf1vO 4nrrtbUzAhY=Pgu3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. Bugs fixed (https://bugzilla.redhat.com/): 2096278 - CVE-2022-31035 argocd: cross-site scripting (XSS) allow a malicious user to inject a javascript link in the UI 2096282 - CVE-2022-31034 argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI. 2096283 - CVE-2022-31016 argocd: vulnerable to an uncontrolled memory consumption bug 2096291 - CVE-2022-31036 argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access 5. Bugs fixed (https://bugzilla.redhat.com/): 2081686 - CVE-2022-29165 argocd: ArgoCD will blindly trust JWT claims if anonymous access is enabled 2081689 - CVE-2022-24905 argocd: Login screen allows message spoofing if SSO is enabled 2081691 - CVE-2022-24904 argocd: Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server 5

Trust: 1.71

sources: NVD: CVE-2018-25032 // VULHUB: VHN-418557 // PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 168696 // PACKETSTORM: 166892 // PACKETSTORM: 166552 // PACKETSTORM: 167133 // PACKETSTORM: 167568 // PACKETSTORM: 167225

AFFECTED PRODUCTS

vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	7.52	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.8.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.8.4	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	8.60	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	nokogiri	model:	nokogiri	scope:	lt	version:	1.13.4	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.6.9	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.8.14	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.4.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.5.0	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.10.5	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	11.54	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.7.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.6	Trust: 1.0
vendor:	siemens	model:	scalance sc626-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.9.0	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.4.26	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.8.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.3.36	Trust: 1.0
vendor:	goto	model:	gotoassist	scope:	lt	version:	11.9.18	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	zlib	model:	zlib	scope:	lt	version:	1.2.12	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.9.0	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.4	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.9.2	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	13.46	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.3.0	Trust: 1.0
vendor:	siemens	model:	scalance sc622-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	6.45	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	17.32	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	15.38	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.7.5	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.7.14	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.9.13	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	gte	version:	10.7.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	11.70.2	Trust: 1.0
vendor:	netapp	model:	management services for element software	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	mariadb	model:	mariadb	scope:	lt	version:	10.5.17	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.10.0	Trust: 1.0

sources: NVD: CVE-2018-25032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-25032
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2018-25032
value:	HIGH
Trust: 1.0
VULHUB:	VHN-418557
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-25032
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-418557
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-25032
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-418557 // NVD: CVE-2018-25032 // NVD: CVE-2018-25032

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-418557 // NVD: CVE-2018-25032

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 166552

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-418557

EXTERNAL IDS

db:	NVD	id:	CVE-2018-25032	Trust: 1.9
db:	OPENWALL	id:	OSS-SECURITY/2022/03/28/3	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2022/03/26/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2022/03/28/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2022/03/24/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2022/03/25/2	Trust: 1.1
db:	SIEMENS	id:	SSA-333517	Trust: 1.1
db:	PACKETSTORM	id:	166552	Trust: 0.2
db:	PACKETSTORM	id:	167133	Trust: 0.2
db:	PACKETSTORM	id:	167122	Trust: 0.2
db:	PACKETSTORM	id:	167225	Trust: 0.2
db:	PACKETSTORM	id:	167140	Trust: 0.2
db:	PACKETSTORM	id:	168696	Trust: 0.2
db:	PACKETSTORM	id:	167568	Trust: 0.2
db:	PACKETSTORM	id:	168352	Trust: 0.1
db:	PACKETSTORM	id:	168042	Trust: 0.1
db:	PACKETSTORM	id:	166967	Trust: 0.1
db:	PACKETSTORM	id:	167327	Trust: 0.1
db:	PACKETSTORM	id:	167391	Trust: 0.1
db:	PACKETSTORM	id:	167381	Trust: 0.1
db:	PACKETSTORM	id:	167400	Trust: 0.1
db:	PACKETSTORM	id:	167956	Trust: 0.1
db:	PACKETSTORM	id:	167088	Trust: 0.1
db:	PACKETSTORM	id:	167142	Trust: 0.1
db:	PACKETSTORM	id:	167346	Trust: 0.1
db:	PACKETSTORM	id:	171157	Trust: 0.1
db:	PACKETSTORM	id:	169897	Trust: 0.1
db:	PACKETSTORM	id:	167008	Trust: 0.1
db:	PACKETSTORM	id:	167602	Trust: 0.1
db:	PACKETSTORM	id:	167277	Trust: 0.1
db:	PACKETSTORM	id:	167330	Trust: 0.1
db:	PACKETSTORM	id:	169782	Trust: 0.1
db:	PACKETSTORM	id:	167485	Trust: 0.1
db:	PACKETSTORM	id:	166946	Trust: 0.1
db:	PACKETSTORM	id:	167679	Trust: 0.1
db:	PACKETSTORM	id:	167334	Trust: 0.1
db:	PACKETSTORM	id:	167116	Trust: 0.1
db:	PACKETSTORM	id:	167389	Trust: 0.1
db:	PACKETSTORM	id:	166563	Trust: 0.1
db:	PACKETSTORM	id:	166555	Trust: 0.1
db:	PACKETSTORM	id:	167223	Trust: 0.1
db:	PACKETSTORM	id:	170003	Trust: 0.1
db:	PACKETSTORM	id:	167555	Trust: 0.1
db:	PACKETSTORM	id:	168036	Trust: 0.1
db:	PACKETSTORM	id:	167224	Trust: 0.1
db:	PACKETSTORM	id:	167260	Trust: 0.1
db:	PACKETSTORM	id:	167134	Trust: 0.1
db:	PACKETSTORM	id:	167364	Trust: 0.1
db:	PACKETSTORM	id:	167594	Trust: 0.1
db:	PACKETSTORM	id:	167461	Trust: 0.1
db:	PACKETSTORM	id:	171152	Trust: 0.1
db:	PACKETSTORM	id:	167188	Trust: 0.1
db:	PACKETSTORM	id:	167591	Trust: 0.1
db:	PACKETSTORM	id:	168011	Trust: 0.1
db:	PACKETSTORM	id:	167271	Trust: 0.1
db:	PACKETSTORM	id:	167936	Trust: 0.1
db:	PACKETSTORM	id:	167138	Trust: 0.1
db:	PACKETSTORM	id:	167189	Trust: 0.1
db:	PACKETSTORM	id:	167586	Trust: 0.1
db:	PACKETSTORM	id:	167186	Trust: 0.1
db:	PACKETSTORM	id:	167281	Trust: 0.1
db:	PACKETSTORM	id:	169624	Trust: 0.1
db:	PACKETSTORM	id:	167470	Trust: 0.1
db:	PACKETSTORM	id:	167265	Trust: 0.1
db:	PACKETSTORM	id:	166970	Trust: 0.1
db:	PACKETSTORM	id:	168392	Trust: 0.1
db:	PACKETSTORM	id:	167119	Trust: 0.1
db:	PACKETSTORM	id:	167136	Trust: 0.1
db:	PACKETSTORM	id:	167674	Trust: 0.1
db:	PACKETSTORM	id:	167622	Trust: 0.1
db:	PACKETSTORM	id:	167124	Trust: 0.1
db:	PACKETSTORM	id:	167486	Trust: 0.1
db:	VULHUB	id:	VHN-418557	Trust: 0.1
db:	PACKETSTORM	id:	166892	Trust: 0.1

sources: VULHUB: VHN-418557 // PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 168696 // PACKETSTORM: 166892 // PACKETSTORM: 166552 // PACKETSTORM: 167133 // PACKETSTORM: 167568 // PACKETSTORM: 167225 // NVD: CVE-2018-25032

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20220729-0004/	Trust: 1.1
url:	https://github.com/madler/zlib/compare/v1.2.11...v1.2.12	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20220526-0009/	Trust: 1.1
url:	https://support.apple.com/kb/ht213255	Trust: 1.1
url:	https://support.apple.com/kb/ht213256	Trust: 1.1
url:	https://support.apple.com/kb/ht213257	Trust: 1.1
url:	https://www.debian.org/security/2022/dsa-5111	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/may/38	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/may/35	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/may/33	Trust: 1.1
url:	https://security.gentoo.org/glsa/202210-42	Trust: 1.1
url:	https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531	Trust: 1.1
url:	https://github.com/madler/zlib/issues/605	Trust: 1.1
url:	https://www.openwall.com/lists/oss-security/2022/03/24/1	Trust: 1.1
url:	https://www.openwall.com/lists/oss-security/2022/03/28/1	Trust: 1.1
url:	https://www.openwall.com/lists/oss-security/2022/03/28/3	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2022/03/25/2	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2022/03/26/1	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ns2d2gfpfgojul4wq3duay7hf4vwq77f/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voknp2l734ael47nrygvzikefoubqy5y/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xokfmsnq5d5wgmalbnbxu3ge442v74wu/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dczfijbjtz7cl5qxbfktq22q26vinruf/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/df62mvmh3qugmbdcb3dy2erq6ebhtadb/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jzzptwryqulaol3aw7rzjnvz2uonxcv4/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2018-25032	Trust: 0.7
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1271	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1154	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-1154	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43797	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0759	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21426	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21443	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21476	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37137	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21496	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-43797	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21698	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21496	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25636	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25636	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21434	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-4028	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21443	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21434	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4028	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21426	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37136	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21476	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0759	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21698	Trust: 0.2
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voknp2l734ael47nrygvzikefoubqy5y/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jzzptwryqulaol3aw7rzjnvz2uonxcv4/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ns2d2gfpfgojul4wq3duay7hf4vwq77f/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/df62mvmh3qugmbdcb3dy2erq6ebhtadb/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dczfijbjtz7cl5qxbfktq22q26vinruf/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xokfmsnq5d5wgmalbnbxu3ge442v74wu/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2218	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2217	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0494	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-29154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2526	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23852	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0494	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6890	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1353	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1353	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23852	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1642	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-2ubuntu7.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5355-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-0ubuntu2.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg-2ubuntu1.3	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2213	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31036	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31034	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31035	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31034	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31016	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31035	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31016	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31036	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:5152	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3634	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24904	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24905	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3737	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24904	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3639	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:4690	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41617	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29165	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41617	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3639	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3737	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25219	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3634	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4189	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-29165	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4189	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24905	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-25219	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 168696 // PACKETSTORM: 166892 // PACKETSTORM: 167133 // PACKETSTORM: 167568 // PACKETSTORM: 167225

SOURCES

db:	VULHUB	id:	VHN-418557
db:	PACKETSTORM	id:	167140
db:	PACKETSTORM	id:	167122
db:	PACKETSTORM	id:	168696
db:	PACKETSTORM	id:	166892
db:	PACKETSTORM	id:	166552
db:	PACKETSTORM	id:	167133
db:	PACKETSTORM	id:	167568
db:	PACKETSTORM	id:	167225
db:	NVD	id:	CVE-2018-25032

LAST UPDATE DATE

2025-06-26T21:17:23.095000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-418557	date:	2023-02-11T00:00:00
db:	NVD	id:	CVE-2018-25032	date:	2025-05-06T15:15:54.753

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-418557	date:	2022-03-25T00:00:00
db:	PACKETSTORM	id:	167140	date:	2022-05-12T15:53:27
db:	PACKETSTORM	id:	167122	date:	2022-05-12T15:38:35
db:	PACKETSTORM	id:	168696	date:	2022-10-12T13:22:05
db:	PACKETSTORM	id:	166892	date:	2022-04-29T12:34:11
db:	PACKETSTORM	id:	166552	date:	2022-03-31T16:34:15
db:	PACKETSTORM	id:	167133	date:	2022-05-12T15:51:01
db:	PACKETSTORM	id:	167568	date:	2022-06-22T15:07:32
db:	PACKETSTORM	id:	167225	date:	2022-05-19T15:53:12
db:	NVD	id:	CVE-2018-25032	date:	2022-03-25T09:15:08.187