Main Vulnerability Database Exploits ID:8489 - Exploit for Heap-based buffer overflow in Zlib - CVE-2022-37434

ID:8489 - Exploit for Heap-based buffer overflow in Zlib - CVE-2022-37434

Published: October 17, 2022

Vulnerability identifier: #VU66153

Vulnerability risk: High

CVE-ID: CVE-2022-37434

CWE-ID: CWE-122

Exploitation vector: Remote access

Vulnerable software:
Zlib

Link to public exploit:

https://github.com/xen0bit/CVE-2022-37434_poc

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

ID:8489 - Exploit for Heap-based buffer overflow in Zlib - CVE-2022-37434

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human