CVE-2018-25032

CVE Database · CVE-2018-25032

CVE-2018-25032

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

51.73%

Published

Mar 25, 2022

Modified

Aug 21, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (73)

nokogiri · nokogiri (up to 1.13.4)vulnerable

python · python (up to 3.7.14)vulnerable

python · python (up to 3.8.14)vulnerable

python · python (up to 3.9.13)vulnerable

python · python (up to 3.10.5)vulnerable

microsoft · windows

zlib · zlib (up to 1.2.12)vulnerable

debian · debian_linuxvulnerable

References (20)

http://seclists.org/fulldisclosure/2022/May/33

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/35

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/38

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/03/25/2

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2022/03/26/1

ExploitMailing ListThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs

debian · debian_linux

fedoraproject · fedoravulnerable

apple · mac_os_x (up to 10.15.7)vulnerable

apple · mac_os_xvulnerable

apple · macos (up to 11.6.6)vulnerable

apple · macos (up to 12.4)vulnerable

mariadb · mariadb (up to 10.3.36)vulnerable

mariadb · mariadb (up to 10.4.26)vulnerable

mariadb · mariadb (up to 10.5.17)vulnerable

mariadb · mariadb (up to 10.6.9)vulnerable

mariadb · mariadb (up to 10.7.5)vulnerable

mariadb · mariadb (up to 10.8.4)vulnerable

mariadb · mariadb (up to 10.9.2)vulnerable

netapp · active_iq_unified_managervulnerable

netapp · e-series_santricity_os_controllervulnerable

netapp · management_services_for_element_softwarevulnerable

netapp · oncommand_workflow_automationvulnerable

netapp · ontap_select_deploy_administration_utilityvulnerable

netapp · hci_compute_nodevulnerable

netapp · h300s_firmwarevulnerable

netapp · h500s_firmwarevulnerable

netapp · h700s_firmwarevulnerable

netapp · h410s_firmwarevulnerable

https://github.com/madler/zlib/issues/605

Issue TrackingPatchThird Party Advisory