libz CVE-2022-37434

Moderate
etungsten published GHSA-w5mr-8397-m99w Nov 17, 2022

Package

libz (bottlerocket)

Affected versions

< 1.11.0

Patched versions

1.11.0

Description

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

Severity

Moderate

CVE ID

CVE-2022-37434

Weaknesses

No CWEs