Search for vulnerabilities
Vulnerability details: VCID-mtzw-nkcm-wfcn
Vulnerability ID VCID-mtzw-nkcm-wfcn
Aliases CVE-2018-25032
GHSA-jc36-42cf-vqwj
GHSA-v6gp-9mmm-c6p5
GMS-2022-787
Summary Out-of-bounds Write in zlib affects Nokogiri ## Summary Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032). That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05. Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.4`, and only if the packaged version of `zlib` is being used. Please see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby) for a complete description of which platform gems vendor `zlib`. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's `zlib` release announcements. ## Mitigation Upgrade to Nokogiri `>= v1.13.4`. ## Impact ### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib - **Severity**: High - **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html) Out of bounds write - **Description**: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-787 Out-of-bounds Write
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
cvssv3 8.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2018-25032
cvssv3.1 7.5 https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
generic_textual HIGH https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
ssvc Track https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2022/May/33
generic_textual HIGH http://seclists.org/fulldisclosure/2022/May/33
ssvc Track http://seclists.org/fulldisclosure/2022/May/33
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2022/May/35
generic_textual HIGH http://seclists.org/fulldisclosure/2022/May/35
ssvc Track http://seclists.org/fulldisclosure/2022/May/35
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2022/May/38
generic_textual HIGH http://seclists.org/fulldisclosure/2022/May/38
ssvc Track http://seclists.org/fulldisclosure/2022/May/38
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://github.com/advisories/GHSA-jc36-42cf-vqwj
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-jc36-42cf-vqwj
generic_textual HIGH https://github.com/advisories/GHSA-jc36-42cf-vqwj
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-v6gp-9mmm-c6p5
cvssv3.1 7.5 https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
generic_textual HIGH https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
ssvc Track https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
cvssv3.1 7.5 https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
generic_textual HIGH https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
ssvc Track https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
cvssv3.1 7.5 https://github.com/madler/zlib/issues/605
generic_textual HIGH https://github.com/madler/zlib/issues/605
ssvc Track https://github.com/madler/zlib/issues/605
cvssv3.1 7.5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml
cvssv3.1 7.5 https://github.com/sparklemotion/nokogiri
generic_textual HIGH https://github.com/sparklemotion/nokogiri
cvssv3.1 7.5 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
generic_textual HIGH https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
cvssv3 7.5 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
cvssv3.1 7.5 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
cvssv3.1_qr HIGH https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
generic_textual HIGH https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
cvssv3.1 7.5 https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
generic_textual HIGH https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-25032
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2018-25032
archlinux High https://security.archlinux.org/AVG-2657
cvssv3.1 7.5 https://security.gentoo.org/glsa/202210-42
generic_textual HIGH https://security.gentoo.org/glsa/202210-42
ssvc Track https://security.gentoo.org/glsa/202210-42
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220526-0009
generic_textual HIGH https://security.netapp.com/advisory/ntap-20220526-0009
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220526-0009/
ssvc Track https://security.netapp.com/advisory/ntap-20220526-0009/
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220729-0004
generic_textual HIGH https://security.netapp.com/advisory/ntap-20220729-0004
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220729-0004/
ssvc Track https://security.netapp.com/advisory/ntap-20220729-0004/
cvssv3.1 7.5 https://support.apple.com/kb/HT213255
generic_textual HIGH https://support.apple.com/kb/HT213255
ssvc Track https://support.apple.com/kb/HT213255
cvssv3.1 7.5 https://support.apple.com/kb/HT213256
generic_textual HIGH https://support.apple.com/kb/HT213256
ssvc Track https://support.apple.com/kb/HT213256
cvssv3.1 7.5 https://support.apple.com/kb/HT213257
generic_textual HIGH https://support.apple.com/kb/HT213257
ssvc Track https://support.apple.com/kb/HT213257
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5111
generic_textual HIGH https://www.debian.org/security/2022/dsa-5111
ssvc Track https://www.debian.org/security/2022/dsa-5111
cvssv3.1 7.5 https://www.openwall.com/lists/oss-security/2022/03/24/1
generic_textual HIGH https://www.openwall.com/lists/oss-security/2022/03/24/1
ssvc Track https://www.openwall.com/lists/oss-security/2022/03/24/1
cvssv3.1 7.5 https://www.openwall.com/lists/oss-security/2022/03/28/1
generic_textual HIGH https://www.openwall.com/lists/oss-security/2022/03/28/1
ssvc Track https://www.openwall.com/lists/oss-security/2022/03/28/1
cvssv3.1 7.5 https://www.openwall.com/lists/oss-security/2022/03/28/3
generic_textual HIGH https://www.openwall.com/lists/oss-security/2022/03/28/3
ssvc Track https://www.openwall.com/lists/oss-security/2022/03/28/3
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujul2022.html
ssvc Track https://www.oracle.com/security-alerts/cpujul2022.html
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/03/25/2
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/03/25/2
ssvc Track http://www.openwall.com/lists/oss-security/2022/03/25/2
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/03/26/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/03/26/1
ssvc Track http://www.openwall.com/lists/oss-security/2022/03/26/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json
https://api.first.org/data/v1/epss?cve=CVE-2018-25032
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/advisories/GHSA-jc36-42cf-vqwj
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml
https://github.com/sparklemotion/nokogiri
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://security.gentoo.org/glsa/202210-42
https://security.netapp.com/advisory/ntap-20220526-0009
https://security.netapp.com/advisory/ntap-20220526-0009/
https://security.netapp.com/advisory/ntap-20220729-0004
https://security.netapp.com/advisory/ntap-20220729-0004/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
1008265 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008265
2067945 https://bugzilla.redhat.com/show_bug.cgi?id=2067945
ASA-202204-3 https://security.archlinux.org/ASA-202204-3
AVG-2657 https://security.archlinux.org/AVG-2657
DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
GHSA-v6gp-9mmm-c6p5 https://github.com/advisories/GHSA-v6gp-9mmm-c6p5
JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
RHSA-2022:1591 https://access.redhat.com/errata/RHSA-2022:1591
RHSA-2022:1642 https://access.redhat.com/errata/RHSA-2022:1642
RHSA-2022:1661 https://access.redhat.com/errata/RHSA-2022:1661
RHSA-2022:2192 https://access.redhat.com/errata/RHSA-2022:2192
RHSA-2022:2197 https://access.redhat.com/errata/RHSA-2022:2197
RHSA-2022:2198 https://access.redhat.com/errata/RHSA-2022:2198
RHSA-2022:2201 https://access.redhat.com/errata/RHSA-2022:2201
RHSA-2022:2213 https://access.redhat.com/errata/RHSA-2022:2213
RHSA-2022:2214 https://access.redhat.com/errata/RHSA-2022:2214
RHSA-2022:4584 https://access.redhat.com/errata/RHSA-2022:4584
RHSA-2022:4592 https://access.redhat.com/errata/RHSA-2022:4592
RHSA-2022:4845 https://access.redhat.com/errata/RHSA-2022:4845
RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896
RHSA-2022:5439 https://access.redhat.com/errata/RHSA-2022:5439
RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144
RHSA-2022:7813 https://access.redhat.com/errata/RHSA-2022:7813
RHSA-2022:8420 https://access.redhat.com/errata/RHSA-2022:8420
RHSA-2023:0943 https://access.redhat.com/errata/RHSA-2023:0943
RHSA-2023:0975 https://access.redhat.com/errata/RHSA-2023:0975
RHSA-2023:0976 https://access.redhat.com/errata/RHSA-2023:0976
USN-5355-1 https://usn.ubuntu.com/5355-1/
USN-5355-2 https://usn.ubuntu.com/5355-2/
USN-5359-1 https://usn.ubuntu.com/5359-1/
USN-5359-2 https://usn.ubuntu.com/5359-2/
USN-5739-1 https://usn.ubuntu.com/5739-1/
USN-6736-1 https://usn.ubuntu.com/6736-1/
USN-6736-2 https://usn.ubuntu.com/6736-2/
VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
XOKFMSNQ5D5WGMALBNBXU3GE442V74WU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/May/33
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at http://seclists.org/fulldisclosure/2022/May/33
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/May/35
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at http://seclists.org/fulldisclosure/2022/May/35
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/May/38
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at http://seclists.org/fulldisclosure/2022/May/38
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/advisories/GHSA-jc36-42cf-vqwj
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/madler/zlib/issues/605
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://github.com/madler/zlib/issues/605
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-25032
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202210-42
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://security.gentoo.org/glsa/202210-42
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220526-0009
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220526-0009/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://security.netapp.com/advisory/ntap-20220526-0009/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220729-0004
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220729-0004/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://security.netapp.com/advisory/ntap-20220729-0004/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.apple.com/kb/HT213255
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://support.apple.com/kb/HT213255
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.apple.com/kb/HT213256
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://support.apple.com/kb/HT213256
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.apple.com/kb/HT213257
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://support.apple.com/kb/HT213257
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5111
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://www.debian.org/security/2022/dsa-5111
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openwall.com/lists/oss-security/2022/03/24/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://www.openwall.com/lists/oss-security/2022/03/24/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openwall.com/lists/oss-security/2022/03/28/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://www.openwall.com/lists/oss-security/2022/03/28/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openwall.com/lists/oss-security/2022/03/28/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://www.openwall.com/lists/oss-security/2022/03/28/3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.oracle.com/security-alerts/cpujul2022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at https://www.oracle.com/security-alerts/cpujul2022.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2022/03/25/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at http://www.openwall.com/lists/oss-security/2022/03/25/2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2022/03/26/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/ Found at http://www.openwall.com/lists/oss-security/2022/03/26/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.23324
EPSS Score 0.00075
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:04:56.394928+00:00 Ruby Importer Import https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml 37.0.0