9.8
CRITICAL
CVE-2022-37434
zlib Heap-Based Buffer Over-Read Buffer Overflow
Description

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

INFO

Published Date :

Aug. 5, 2022, 7:15 a.m.

Last Modified :

May 30, 2025, 8:15 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2022-37434 has a 33 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2022-37434 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Netapp active_iq_unified_manager
2 Netapp ontap_select_deploy_administration_utility
3 Netapp oncommand_workflow_automation
4 Netapp h300s_firmware
5 Netapp h500s_firmware
6 Netapp h700s_firmware
7 Netapp storagegrid
8 Netapp hci_compute_node
9 Netapp h300s
10 Netapp h500s
11 Netapp h700s
12 Netapp hci
13 Netapp management_services_for_element_software
1 Apple macos
2 Apple iphone_os
3 Apple watchos
4 Apple ipados
1 Fedoraproject fedora
1 Debian debian_linux
1 Hitachienergy lumada_asset_performance_management
1 Stormshield stormshield_network_security
1 Zlib zlib
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-37434.

URL Resource
http://seclists.org/fulldisclosure/2022/Oct/37 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/38 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/42 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/08/05/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/08/09/1 Mailing List Patch Third Party Advisory
https://github.com/curl/curl/issues/9271 Exploit Issue Tracking Third Party Advisory
https://github.com/ivd38/zlib_overflow Exploit Third Party Advisory
https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 Exploit Third Party Advisory
https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 Patch Third Party Advisory
https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220901-0005/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20230427-0007/ Third Party Advisory
https://support.apple.com/kb/HT213488 Third Party Advisory
https://support.apple.com/kb/HT213489 Third Party Advisory
https://support.apple.com/kb/HT213490 Third Party Advisory
https://support.apple.com/kb/HT213491 Third Party Advisory
https://support.apple.com/kb/HT213493 Third Party Advisory
https://support.apple.com/kb/HT213494 Third Party Advisory
https://www.debian.org/security/2022/dsa-5218 Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/37 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/38 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/42 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/08/05/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/08/09/1 Mailing List Patch Third Party Advisory
https://github.com/curl/curl/issues/9271 Exploit Issue Tracking Third Party Advisory
https://github.com/ivd38/zlib_overflow Exploit Third Party Advisory
https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 Exploit Third Party Advisory
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 Patch Third Party Advisory
https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220901-0005/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20230427-0007/ Third Party Advisory
https://support.apple.com/kb/HT213488 Third Party Advisory
https://support.apple.com/kb/HT213489 Third Party Advisory
https://support.apple.com/kb/HT213490 Third Party Advisory
https://support.apple.com/kb/HT213491 Third Party Advisory
https://support.apple.com/kb/HT213493 Third Party Advisory
https://support.apple.com/kb/HT213494 Third Party Advisory
https://www.debian.org/security/2022/dsa-5218 Third Party Advisory
https://github.com/curl/curl/issues/9271 Exploit Issue Tracking Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Fairwinds Base Image Finder CLI docker, fairwinds-incubator, security, vulnerabilities

Dockerfile Makefile Go

Updated: 3 days, 2 hours ago
0 stars 0 fork 0 watcher
Born at : June 2, 2025, 4:24 a.m. This repo has been linked 7 different CVEs too.

Fairwinds Base Image Finder CLI docker, fairwinds-incubator, security, vulnerabilities

Dockerfile Makefile Go

Updated: 1 month ago
41 stars 0 fork 0 watcher
Born at : May 3, 2025, 9:33 p.m. This repo has been linked 7 different CVEs too.

None

Python Dockerfile Shell HTML CSS JavaScript

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 25, 2025, 4:26 p.m. This repo has been linked 1 different CVEs too.

Full Changelog

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 22, 2025, 2:26 p.m. This repo has been linked 1 different CVEs too.

None

PHP CSS JavaScript Dockerfile

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : March 25, 2025, 3:26 a.m. This repo has been linked 19 different CVEs too.

None

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : March 1, 2025, 9:04 a.m. This repo has been linked 6 different CVEs too.

Fairwinds Base Image Finder CLI docker, fairwinds-incubator, security, vulnerabilities

Dockerfile Makefile Go

Updated: 3 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Feb. 26, 2025, 1:04 p.m. This repo has been linked 7 different CVEs too.

Fairwinds Base Image Finder CLI docker, fairwinds-incubator, security, vulnerabilities

Dockerfile Makefile Go

Updated: 3 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Feb. 12, 2025, 10:04 p.m. This repo has been linked 7 different CVEs too.

Fairwinds Base Image Finder CLI docker, fairwinds-incubator, security, vulnerabilities

Dockerfile Makefile Go

Updated: 3 months, 3 weeks ago
105 stars 12 fork 12 watcher
Born at : Feb. 9, 2025, 11:04 a.m. This repo has been linked 7 different CVEs too.

A Terraform config to demonstrate the tagging on a Nomad job spec for a container image with vulnerability image info sourced from Prisma cloud

HCL

Updated: 4 months ago
0 stars 0 fork 0 watcher
Born at : Jan. 28, 2025, 11:50 a.m. This repo has been linked 26 different CVEs too.

None

Dockerfile Roff Java

Updated: 7 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 7, 2024, 8:52 a.m. This repo has been linked 127 different CVEs too.

Trivy를 활용한 Docker 이미지 취약점을 분석하는 법에 대해 다룬 Repository 입니다.

Python Shell

Updated: 6 months, 3 weeks ago
0 stars 1 fork 1 watcher
Born at : Sept. 25, 2024, 3:02 a.m. This repo has been linked 5 different CVEs too.

All CVE - PoC in GitHub

poc proofofconcept tester allcve cvegithub cvenew cvepoc cveupdate

Updated: 1 month, 2 weeks ago
11 stars 3 fork 3 watcher
Born at : March 22, 2024, 3:58 p.m. This repo has been linked 931 different CVEs too.

None

Updated: 1 year, 2 months ago
1 stars 0 fork 0 watcher
Born at : March 11, 2024, 1:21 p.m. This repo has been linked 935 different CVEs too.

None

CMake Makefile C SAS CLIPS Pascal Ada Assembly C# C++

Updated: 1 year, 4 months ago
0 stars 0 fork 0 watcher
Born at : Feb. 2, 2024, 2:25 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-37434 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2022-37434 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    May. 30, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-120
    Added Reference https://github.com/curl/curl/issues/9271
  • CVE Modified by [email protected]

    May. 02, 2025

    Action Type Old Value New Value
    Added Reference https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://seclists.org/fulldisclosure/2022/Oct/37
    Added Reference http://seclists.org/fulldisclosure/2022/Oct/38
    Added Reference http://seclists.org/fulldisclosure/2022/Oct/41
    Added Reference http://seclists.org/fulldisclosure/2022/Oct/42
    Added Reference http://www.openwall.com/lists/oss-security/2022/08/05/2
    Added Reference http://www.openwall.com/lists/oss-security/2022/08/09/1
    Added Reference https://github.com/curl/curl/issues/9271
    Added Reference https://github.com/ivd38/zlib_overflow
    Added Reference https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
    Added Reference https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
    Added Reference https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
    Added Reference https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
    Added Reference https://security.netapp.com/advisory/ntap-20220901-0005/
    Added Reference https://security.netapp.com/advisory/ntap-20230427-0007/
    Added Reference https://support.apple.com/kb/HT213488
    Added Reference https://support.apple.com/kb/HT213489
    Added Reference https://support.apple.com/kb/HT213490
    Added Reference https://support.apple.com/kb/HT213491
    Added Reference https://support.apple.com/kb/HT213493
    Added Reference https://support.apple.com/kb/HT213494
    Added Reference https://www.debian.org/security/2022/dsa-5218
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Modified Analysis by [email protected]

    Jul. 19, 2023

    Action Type Old Value New Value
    Changed Reference Type http://seclists.org/fulldisclosure/2022/Oct/37 No Types Assigned http://seclists.org/fulldisclosure/2022/Oct/37 Mailing List, Third Party Advisory
    Changed Reference Type http://seclists.org/fulldisclosure/2022/Oct/38 No Types Assigned http://seclists.org/fulldisclosure/2022/Oct/38 Mailing List, Third Party Advisory
    Changed Reference Type http://seclists.org/fulldisclosure/2022/Oct/42 No Types Assigned http://seclists.org/fulldisclosure/2022/Oct/42 Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ No Types Assigned https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ Mailing List, Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20230427-0007/ No Types Assigned https://security.netapp.com/advisory/ntap-20230427-0007/ Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* versions from (including) 3.7.31 up to (excluding) 3.7.34 *cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* versions from (including) 3.11.0 up to (excluding) 3.11.22 *cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* versions from (including) 4.3.0 up to (excluding) 4.3.16 *cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* versions from (including) 4.6.0 up to (excluding) 4.6.3
  • CVE Modified by [email protected]

    Apr. 27, 2023

    Action Type Old Value New Value
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ [Mailing List, Third Party Advisory]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ [Mailing List, Third Party Advisory]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ [Mailing List, Third Party Advisory]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ [Mailing List, Third Party Advisory]
    Removed Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ [Mailing List, Third Party Advisory]
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ [No Types Assigned]
    Added Reference http://seclists.org/fulldisclosure/2022/Oct/37 [No Types Assigned]
    Added Reference http://seclists.org/fulldisclosure/2022/Oct/38 [No Types Assigned]
    Added Reference https://security.netapp.com/advisory/ntap-20230427-0007/ [No Types Assigned]
    Added Reference http://seclists.org/fulldisclosure/2022/Oct/42 [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ [No Types Assigned]
    Added Reference https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ [No Types Assigned]
  • CPE Deprecation Remap by [email protected]

    Jan. 09, 2023

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* versions from (excluding) 15.7.1 OR *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions from (excluding) 15.7.1
  • Modified Analysis by [email protected]

    Nov. 16, 2022

    Action Type Old Value New Value
    Changed Reference Type http://seclists.org/fulldisclosure/2022/Oct/41 No Types Assigned http://seclists.org/fulldisclosure/2022/Oct/41 Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ Third Party Advisory https://lists.fedoraproject.org/archives/list/[email protected]/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ Third Party Advisory https://lists.fedoraproject.org/archives/list/[email protected]/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ Mailing List, Third Party Advisory
    Changed Reference Type https://support.apple.com/kb/HT213488 No Types Assigned https://support.apple.com/kb/HT213488 Third Party Advisory
    Changed Reference Type https://support.apple.com/kb/HT213489 No Types Assigned https://support.apple.com/kb/HT213489 Third Party Advisory
    Changed Reference Type https://support.apple.com/kb/HT213490 No Types Assigned https://support.apple.com/kb/HT213490 Third Party Advisory
    Changed Reference Type https://support.apple.com/kb/HT213491 No Types Assigned https://support.apple.com/kb/HT213491 Third Party Advisory
    Changed Reference Type https://support.apple.com/kb/HT213493 No Types Assigned https://support.apple.com/kb/HT213493 Third Party Advisory
    Changed Reference Type https://support.apple.com/kb/HT213494 No Types Assigned https://support.apple.com/kb/HT213494 Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* versions up to (excluding) 15.7.1 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 15.7.1 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions from (including) 16.0 up to (excluding) 16.1 *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions from (including) 11.0 up to (excluding) 11.7.1 *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions from (including) 12.0.0 up to (excluding) 12.6.1 *cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* versions up to (excluding) 9.1
  • CVE Modified by [email protected]

    Oct. 30, 2022

    Action Type Old Value New Value
    Added Reference http://seclists.org/fulldisclosure/2022/Oct/41 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 27, 2022

    Action Type Old Value New Value
    Added Reference https://support.apple.com/kb/HT213493 [No Types Assigned]
    Added Reference https://support.apple.com/kb/HT213494 [No Types Assigned]
    Added Reference https://support.apple.com/kb/HT213491 [No Types Assigned]
    Added Reference https://support.apple.com/kb/HT213488 [No Types Assigned]
    Added Reference https://support.apple.com/kb/HT213489 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 27, 2022

    Action Type Old Value New Value
    Added Reference https://support.apple.com/kb/HT213490 [No Types Assigned]
  • Modified Analysis by [email protected]

    Oct. 27, 2022

    Action Type Old Value New Value
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html No Types Assigned https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ Mailing List, Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20220901-0005/ No Types Assigned https://security.netapp.com/advisory/ntap-20220901-0005/ Third Party Advisory
    Changed Reference Type https://www.debian.org/security/2022/dsa-5218 No Types Assigned https://www.debian.org/security/2022/dsa-5218 Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* *cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* *cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Sep. 16, 2022

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ [No Types Assigned]
  • CVE Modified by [email protected]

    Sep. 14, 2022

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ [No Types Assigned]
  • CVE Modified by [email protected]

    Sep. 12, 2022

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html [No Types Assigned]
  • CVE Modified by [email protected]

    Sep. 02, 2022

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ [No Types Assigned]
  • CVE Modified by [email protected]

    Sep. 01, 2022

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20220901-0005/ [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 31, 2022

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 26, 2022

    Action Type Old Value New Value
    Added Reference https://www.debian.org/security/2022/dsa-5218 [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 18, 2022

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ [No Types Assigned]
  • Initial Analysis by [email protected]

    Aug. 11, 2022

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type http://www.openwall.com/lists/oss-security/2022/08/05/2 No Types Assigned http://www.openwall.com/lists/oss-security/2022/08/05/2 Mailing List, Third Party Advisory
    Changed Reference Type http://www.openwall.com/lists/oss-security/2022/08/09/1 No Types Assigned http://www.openwall.com/lists/oss-security/2022/08/09/1 Mailing List, Patch, Third Party Advisory
    Changed Reference Type https://github.com/curl/curl/issues/9271 No Types Assigned https://github.com/curl/curl/issues/9271 Exploit, Issue Tracking, Third Party Advisory
    Changed Reference Type https://github.com/ivd38/zlib_overflow No Types Assigned https://github.com/ivd38/zlib_overflow Exploit, Third Party Advisory
    Changed Reference Type https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 No Types Assigned https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 Exploit, Third Party Advisory
    Changed Reference Type https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 No Types Assigned https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 Patch, Third Party Advisory
    Changed Reference Type https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 No Types Assigned https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 Exploit, Third Party Advisory
    Added CWE NIST CWE-787
    Added CPE Configuration OR *cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* versions up to (including) 1.2.12
  • CVE Modified by [email protected]

    Aug. 09, 2022

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2022/08/09/1 [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 08, 2022

    Action Type Old Value New Value
    Added Reference https://github.com/curl/curl/issues/9271 [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 06, 2022

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2022/08/05/2 [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-37434 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

92.68 }} 0.16%

score

0.99745

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
© cvefeed.io
Latest DB Update: Jun. 05, 2025 6:40