Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-4624

Update zlib to 1.2.13+

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 1.24.0
    • Affects Version/s: 1.22.1
    • Component/s: None
    • None

      The bundled version zlib 1.2.12 is outdated and is affected by a known vulnerability, CVE-2018-25032:

      https://nvd.nist.gov/vuln/detail/CVE-2018-25032

      The changelog of the recently released zlib 1.2.13 recommends to update.
      Quote from https://zlib.net/

      Version 1.2.13 has these key updates from 1.2.12:

      • Fix a bug when getting a gzip header extra field with inflateGetHeader(). This remedies CVE-2022-37434.
      • Fix a bug in block type selection when Z_FIXED used. Now the smallest block type is selected, for better compression.
      • Fix a configure issue that discarded the provided CC definition.
      • Correct incorrect inputs provided to the CRC functions. This mitigates a bug in Java.
      • Repair prototypes and exporting of the new CRC functions.
      • Fix inflateBack to detect invalid input with distances too far.

      Due to the first bug fix, any installations of 1.2.12 or earlier should be replaced with 1.2.13.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            john.becker John Becker
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: