- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Zlib vulnerability CVE-2022-37434
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
Hi Experts,
We use InstallShield for our software and we noticed a 9.8 rated critical finding in our latest OSS scan. The finding is related to Zlib. See: https://nvd.nist.gov/vuln/detail/CVE-2022-37434
Apparently this vulnerability can only be exploited if a specific method - inflateGetHeader - is called. Therefore I'd like to know if InstallShield 2021 is affected.
So far there is no hotfix by Zlib, but there's already a request on GitHub. https://github.com/madler/zlib/issues/692
Best regards,
Daniel
Hello @danielkfl
This is Venkat Donga, Product Manager for InstallShield. Thanks for bringing this to our attention. We have reviewed this vulnerability and in our analysis it seems to affect apps only if the method 'inflateGetHeader' from zlib is invoked. Neither InstallShield nor other third party components used in InstallShield are calling this method.
So, it's safe to say that InstallShield is not affected by this vulnerability.
Please let us know if you have any further questions on this.
Thanks for this Daniel - I've sent this across to our Installshield Developers so they are aware of this and we'll update this thread as soon as we have more information.
Hello @danielkfl
This is Venkat Donga, Product Manager for InstallShield. Thanks for bringing this to our attention. We have reviewed this vulnerability and in our analysis it seems to affect apps only if the method 'inflateGetHeader' from zlib is invoked. Neither InstallShield nor other third party components used in InstallShield are calling this method.
So, it's safe to say that InstallShield is not affected by this vulnerability.
Please let us know if you have any further questions on this.
Many thanks for the quicky analysis!