CVE-2018-25032 (High) detected in ubootv2016.09.01

[mend-bolt-for-github]

CVE-2018-25032 - High Severity Vulnerability

Vulnerable Library - ubootv2016.09.01

Library home page: https://github.com/fall513/uboot.git

Found in HEAD commit: e003f8ec3a51e24e565b17a8e75e5398d5717863

Vulnerable Source Files (2)

/lib/zlib/deflate.h
/lib/zlib/deflate.h

Vulnerability Details

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Publish Date: 2022-03-25

URL: CVE-2018-25032

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Release Date: 2022-03-25

Fix Resolution: libstd-rs - 1.57.0;bioconductor-netreg - 1.13.1;tcl - 8.6.11;sudo - 1.8.32;bjam-native - 1.74.0;ccache - 4.1,3.3.4;libgit2 - 1.3.0;cmake - 3.19.5,3.7.2,3.7.0,3.22.0,3.17.3;slamdunk - 0.4.0;rsync - 3.2.1;cmake-native - 3.15.5,3.18.4,3.17.3,3.22.0,3.7.0;mentalist - 0.2.3;ghostscript - 9.55.0

---

Step up your Open Source Security Game with Mend here