Search for vulnerabilities
Vulnerability details: VCID-7sex-snjb-mbby
Vulnerability ID VCID-7sex-snjb-mbby
Aliases CVE-2022-37434
Summary
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37434.json
epss 0.92678 https://api.first.org/data/v1/epss?cve=CVE-2022-37434
epss 0.92678 https://api.first.org/data/v1/epss?cve=CVE-2022-37434
epss 0.92678 https://api.first.org/data/v1/epss?cve=CVE-2022-37434
epss 0.92678 https://api.first.org/data/v1/epss?cve=CVE-2022-37434
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2821
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37434.json
https://api.first.org/data/v1/epss?cve=CVE-2022-37434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/curl/curl/issues/9271
https://github.com/ivd38/zlib_overflow
https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
http://www.openwall.com/lists/oss-security/2022/08/05/2
http://www.openwall.com/lists/oss-security/2022/08/09/1
1016710 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016710
2116639 https://bugzilla.redhat.com/show_bug.cgi?id=2116639
AVG-2821 https://security.archlinux.org/AVG-2821
CVE-2022-37434 https://nvd.nist.gov/vuln/detail/CVE-2022-37434
RHSA-2022:7106 https://access.redhat.com/errata/RHSA-2022:7106
RHSA-2022:7314 https://access.redhat.com/errata/RHSA-2022:7314
RHSA-2022:7793 https://access.redhat.com/errata/RHSA-2022:7793
RHSA-2022:8291 https://access.redhat.com/errata/RHSA-2022:8291
RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:1095 https://access.redhat.com/errata/RHSA-2023:1095
RHSA-2024:0254 https://access.redhat.com/errata/RHSA-2024:0254
USN-5570-1 https://usn.ubuntu.com/5570-1/
USN-5570-2 https://usn.ubuntu.com/5570-2/
USN-5573-1 https://usn.ubuntu.com/5573-1/
USN-6736-1 https://usn.ubuntu.com/6736-1/
USN-6736-2 https://usn.ubuntu.com/6736-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37434.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99741
EPSS Score 0.92678
Published At Aug. 17, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:32:31.247423+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.18/community.json 37.0.0