[zlib-table] Fix potential vulnerable cloned functions #18527

Merged (1 commit) on May 5, 2025

npt-1707
Contributor

Description
This PR fixes a potential vulnerability in inflate_table() that was cloned from zlib but did not receive the security patch. The original issue was reported and fixed under madler/zlib@6a04314.
This PR applies the same patch to eliminate the vulnerability.

References
https://nvd.nist.gov/vuln/detail/CVE-2016-9840
madler/zlib@6a04314
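
The upstream zlib change referenced above removes an offset-pointer optimization in inflate_table(): the table pointers were decremented by 257 so they could be indexed directly by symbol, which is undefined behaviour in C once the pointer leaves its array. The sketch below is an added example, not code from ROOT or zlib; the tables are constructed stand-ins, the function name `length_entry` is hypothetical, and the upper-bound check is an addition needed only because the demo tables are short.

```c
#include <stdio.h>

/* Constructed stand-in tables (NOT zlib's real lbase/lext contents):
   entry i describes length symbol 257 + i. */
static const unsigned short demo_base[4]  = {3, 4, 5, 6};
static const unsigned short demo_extra[4] = {16, 16, 17, 17};

#define MATCH 257u  /* first symbol that is looked up in the tables */
#define NENTRIES (sizeof demo_base / sizeof demo_base[0])

/* Pre-patch idiom, kept as a comment because executing it is undefined
 * behaviour (the pointer is moved 257 elements before the array start):
 *
 *     const unsigned short *base = demo_base;
 *     base -= 257;
 *     val = base[sym];
 *
 * It relies on the compiler and platform treating the out-of-range
 * pointer as a plain address, which the C standard does not promise.
 */

/* Patched form: the pointer stays at the start of the array and the
 * offset is subtracted from the index instead.
 * Returns 0 and fills *val / *op on success, -1 if sym has no entry. */
int length_entry(unsigned sym, unsigned short *val, unsigned char *op)
{
    if (sym < MATCH || sym - MATCH >= NENTRIES)
        return -1;
    *val = demo_base[sym - MATCH];
    *op  = (unsigned char)demo_extra[sym - MATCH];
    return 0;
}

int main(void)
{
    unsigned sym;
    for (sym = 255; sym <= 262; sym++) {
        unsigned short val;
        unsigned char op;
        if (length_entry(sym, &val, &op) == 0)
            printf("sym %u -> val %u, op %u\n", sym, (unsigned)val, (unsigned)op);
        else
            printf("sym %u -> no table entry\n", sym);
    }
    return 0;
}
```

When auditing a vendored copy of inflate_table(), the thing to look for is a table pointer being decremented before use rather than the index being adjusted at the point of lookup.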

@npt-1707 npt-1707 requested a review from dpiparo as a code owner April 27, 2025 17:50
github-actions bot commented Apr 28, 2025

Test Results

    18 files      18 suites   3d 20h 45m 32s ⏱️
 2 731 tests  2 703 ✅ 0 💤 28 ❌
47 713 runs  47 685 ✅ 0 💤 28 ❌

For more details on these failures, see this check.

Results for commit 0eb0307.

♻️ This comment has been updated with latest results.

@ferdymercury ferdymercury added this to the 6.36.00 milestone Apr 28, 2025
@dpiparo dpiparo requested a review from couet April 28, 2025 07:15
@ferdymercury ferdymercury changed the title Fix potential vulnerable cloned functions [zlib-table] Fix potential vulnerable cloned functions Apr 28, 2025
@dpiparo dpiparo requested a review from pcanal April 28, 2025 07:19
@dpiparo dpiparo assigned dpiparo and unassigned couet Apr 28, 2025
@dpiparo dpiparo merged commit 4c90d18 into root-project:master May 5, 2025
34 of 41 checks passed
Contributor Author

npt-1707 commented May 8, 2025

Thanks for merging this PR, @dpiparo!

Just wanted to let you know that I plan to report this as a CVE. Please let me know if you have any concerns. Thanks!
