We use InstallShield for our software and we noticed a 9.8 rated critical finding in our latest OSS scan. The finding is related to Zlib. See: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 Apparently this vulnerability can only be exploited if a specific method - inflateGetHeader - is called. Therefore I'd like to know if InstallShield 2021 is affected.
This is Venkat Donga, Product Manager for InstallShield. Thanks for bringing this to our attention. We have reviewed this vulnerability and in our analysis it seems to affect apps only if the method 'inflateGetHeader' from zlib is invoked. Neither InstallShield nor other third party components used in InstallShield are calling this method.
So, it's safe to say that InstallShield is not affected by this vulnerability.
Please let us know if you have any further questions on this.
Thanks for this Daniel - I've sent this across to our Installshield Developers so they are aware of this and we'll update this thread as soon as we have more information.
This is Venkat Donga, Product Manager for InstallShield. Thanks for bringing this to our attention. We have reviewed this vulnerability and in our analysis it seems to affect apps only if the method 'inflateGetHeader' from zlib is invoked. Neither InstallShield nor other third party components used in InstallShield are calling this method.
So, it's safe to say that InstallShield is not affected by this vulnerability.
Please let us know if you have any further questions on this.
