HarryHengster
Level 3

CVE-2022-37434 in MSI build with InstallShield 2022 R1

We are building our setup with InstallShield 2022 R1 Standalone Build.
BDBA scan of the generated MSI file reports CVE-2022-37434 for zlib 1.2.12 in the following files:
- Binary.ISPrereqLauncher
- Binary.ISSetup.dll

Is there a workaround to mitigate the CVE?
When does Revenera plan to migrate to latest zlib version?

0 Kudos
(1) Solution
shunt
Revenera Moderator


InstallShield 2022 R2 includes zlib 1.2.13.
Hope this helps,
Stuart

(6) Replies
shunt
Revenera Moderator

This CVE reports that only apps that call zlib's 'inflateGetHeader' method are affected.

Neither InstallShield nor other third-party components used in InstallShield are calling this method, and therefore InstallShield is not affected by this vulnerability.

I hope this helps.

Thanks for the information, which is fine to remediate the CVE for the cyber security report of our next release.
Could you anyway share some insights on the roadmap to migrate InstallShield to new zlib version? 

0 Kudos
HarryHengster
Level 3

Any update on the InstallShield roadmap for migration to the latest zlib library?

0 Kudos
Hello @shunt, on similar lines, the BDBA scan report of an MSI built with IS2023R1 shows that zlib is detected for Binary.ISPrereqLauncher (Zlib 1.2.13), Binary.ISSetup.dll (no version) and Setup.exe (no version).

Would you let me know the version of zlib used in InstallShield 2023 R1? It would also be helpful if you could point to the 'Non-Commercial Software Disclosures Form', if available for InstallShield software.

@shunt, @vdonga - A gentle reminder, do let me know on the query regarding the zlib version in IS2023R1.

Thank you!

0 Kudos
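
For checking which zlib release is embedded in files such as Binary.ISSetup.dll, the sketch below (an added example, not code from this thread or from Revenera) searches raw bytes for the version banner that zlib compiles into deflate.c and inftrees.c. The function names and the sample byte strings are constructed for illustration, and the input is assumed to be a file already extracted from the MSI; a missing banner is reported as unknown rather than clean.

```python
import re

# zlib compiles a banner such as " inflate 1.2.12 Copyright 1995-2022 Mark Adler "
# into inftrees.c, and a matching " deflate ..." banner into deflate.c.
BANNER = re.compile(rb" (deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright ")
FIXED = (1, 2, 13)  # CVE-2022-37434 is reported against zlib up to 1.2.12


def zlib_banners(blob: bytes) -> dict:
    """Map each embedded zlib version tuple to the components that carry it."""
    found = {}
    for match in BANNER.finditer(blob):
        version = tuple(int(part) for part in match.group(2).split(b"."))
        found.setdefault(version, set()).add(match.group(1).decode())
    return found


def triage(blob: bytes) -> str:
    """Classify a binary by its banners; no banner means unknown, not clean."""
    found = zlib_banners(blob)
    if not found:
        return "unknown: no zlib banner, version must be confirmed another way"
    old = sorted(v for v in found if v < FIXED)
    if old:
        return "review: zlib " + ", ".join(".".join(map(str, v)) for v in old)
    return "ok: zlib " + ", ".join(".".join(map(str, v)) for v in sorted(found))


# Constructed sample bytes standing in for files extracted from an MSI.
SAMPLES = {
    "old.bin": b"MZ\x00 inflate 1.2.12 Copyright 1995-2022 Mark Adler \x00",
    "new.bin": b"MZ\x00 deflate 1.2.13 Copyright 1995-2022 Jean-loup Gailly \x00"
               b" inflate 1.2.13 Copyright 1995-2022 Mark Adler \x00",
    "stripped.bin": b"MZ\x00no banner survives in this build\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {triage(blob)}")
```

A "review" result only says a pre-1.2.13 zlib is present; whether the CVE is reachable still depends on whether the product calls inflateGetHeader, as the moderator's reply states.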