CVE-2018-25032 on u-boot zlib
Gan, Yau Wai
yau.wai.gan at intel.com
Thu Apr 21 08:31:44 CEST 2022
This is to report that CVE is detected during u-boot scanning. Sending to open mailing list as get_maintainer suggested.
The current zlib version used in u-boot contains CVE-2018-25032 [1].
Corresponding fix in zlib mainline has been addressed in v1.2.12 [2].
It is required to upgrade zlib in u-boot to that version or later to mitigate the CVE.
[1] https://www.cve.org/CVERecord?id=CVE-2018-25032
[2] https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- Yau Wai
More information about the U-Boot
mailing list