[Incident]: Some users report they are unable to access the case portal. Please see this community notice for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Vulnerability : CVE-2022-37434

Vulnerability : CVE-2022-37434

 

NVD: 2022/08/05 - CVSS v3.1

Base Score: 9.8:

Description:

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)

The zlib third party is not directly used by FNP. It comes with Thales dongle support .

CVE-2022-37434  does not impact FNP directly .

The zlib will be upgraded to latest in Thales 8.5 LDK version which is planned for release in Oct 2022.

Labels (3)
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Aug 25, 2022 01:05 AM
Updated by:
Contributors