CVE advisoryCRITICAL
CVE-2022-37434
zlib inflate Heap-Based Buffer Over-read or Overflow
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in the zlib compression library may allow for a heap-based buffer over-read or overflow when processing a large gzip header extra field. This could impact confidentiality, integrity, or availability if applications using zlib call the `inflateGetHeader` function. Uncertainty exists regarding which speci