
WS-2020-0368
Good to know:

Date: February 22, 2020
Zlib versions v0.8 to v1.2.11 are vulnerable to a use-of-uninitialized-value in inflate. There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of an uninitialized check value.
Language: C
Severity Score
Weakness Type (CWE)
Use of Uninitialized Variable
CWE-457
Top Fix

Upgrade Version
Upgrade to version assimp-sys - no_fix;tcod-sys - no_fix;cmake-native - 3.20.1;cmake-native - 3.15.5;cmake-native - no_fix;cmake-native - 3.7.0;cmake-native - 3.22.0;cmake-native - 3.17.3;cmake-native - 3.23.1;cargo - 1.60.0;cargo - 1.57.0;cargo - no_fix;cmake - 3.23.1;cmake - 3.22.1;cmake - 3.7.0;cmake - 3.15.5;cmake - no_fix;cmake - 3.18.2;cmake - 3.20.1;zlib_vc14_xp - no_fix;binutils-cross-testsuite - 2.37;binutils-cross-testsuite - no_fix;jpegxl-src - 0.10.2;gdcm-rs - no_fix;zlib-src-sys - 0.1.1;zlib-src-sys - no_fix;binutils - 2.28;binutils - no_fix;binutils - 2.35;unzip-rs - no_fix;librocksdb-sys - 6.28.2;openjpeg-sys - 1.0.11;hdf5 - 0.7.1;gdcm_conv - 0.1.7;mentalist - no_fix;mentalist - 0.2.3;namigator-sys - no_fix;libz-sys - 1.1.9;libz-sys - 1.0.26;libz-sys - 1.1.14;libz-sys - 1.0.19;autogenerated-assimp-sys - no_fix;casclib - no_fix;mappum-librocksdb-sys - no_fix;electrs-librocksdb-sys - no_fix;musix - no_fix;fitsio-sys - no_fix;sealy - no_fix;vowpalwabbit-sys - no_fix;cmdstan - 2.32.1;nss - no_fix;minizip-sys - no_fix;freesasa-sys - no_fix;bioconductor-netreg - 1.13.1;slamdunk - 0.4.0;git - 0.3.0;openexr-sys - no_fix;gdb - 11.1;gdb - 7.11.1;gdb - 10.1;zlib_v140_xp - no_fix;freeimage-sys - no_fix;libstd-rs - 1.57.0;bjam-native - 1.73.0;boost - no_fix;boost - 1.73.0;ccache - 4.1;ccache - 3.3.3;in3-sys - no_fix;ckb-librocksdb-sys - no_fix;libgit2 - 1.3.0;ghostscript - 9.55.0;mediainfolib-rs - no_fix;bazel - 5.2.0;fltk-sys - 1.3.28;mozjs_sys - no_fix;blosc-src - 0.2.2;fltk-fluid - 0.2.0;tcl - 8.6.11;ekiden-grpcio-sys - no_fix;seal_fhe - no_fix;sentry-contrib-native-sys - no_fix;sudo - 1.8.32;rocks-sys - 0.1.10;rttrust - 0.1.1;mupdf-sys - 0.4.0;blosc-sys - 1.14.2;qpdf-sys - 0.3.2;libgit2-sys - 0.13.5+1.4.5;syslinux - no_fix;libxlsxwriter-sys - 1.1.4;jp2k - 0.3.0;omsl - no_fix;openjpeg2-sys - no_fix;crashpad-sys - no_fix;grpcio-sys - 0.5.0;org.webjars.npm:nodegit:no_fix;org.webjars.npm:grpc:no_fix
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |