Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Description: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
The **CVSS Base Score** is a score from **0 to 10** that represents the intrinsic severity of a vulnerability. A higher score indicates greater severity.
Database CWE: v4.18
CWE-787: Out-of-bounds Write ↗
The product writes data past the end, or before the beginning, of the intended buffer.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ↗
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Fonte: MITRE CWE
The **EPSS (Exploit Prediction Scoring System)** is a score from **0 to 1** that indicates the **probability** that a vulnerability will be exploited in the real world in the next 30 days. A higher value indicates a greater likelihood of exploitation.
The **Percentile** indicates how much higher this vulnerability's EPSS score is compared to all other vulnerabilities in the EPSS database. For example, a percentile of 0.90 (90%) means that 90% of vulnerabilities have an EPSS score equal to or lower than the current one.
*Data updated as of: 2025-12-17
The **CISA KEV Catalog** lists vulnerabilities that have been **actively exploited in the real world**. If a CVE is present in this catalog, it indicates that the threat is immediate and mitigation should be a top priority.
CVE **CVE-2022-37434** is not present in the CISA KEV Catalog. This indicates that it is not currently classified by CISA as an actively exploited vulnerability.