FreeBSD-SA-22:13.zlib : zlib heap buffer overflow
Versions Affected : All versions prior to TrueNAS 13.0-U2
Description
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
Applications that call inflateGetHeader may be vulnerable to a buffer overflow. Note that inflateGetHeader is not used by anything in the FreeBSD base system, but it may be used by third-party software.
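To make the description concrete, the following is an added, self-contained C example written for this page; it is not zlib's inflate.c, nor code from FreeBSD or TrueNAS. It models the shape of the problem in a simplified form: a caller hands a gzip header consumer a bounded buffer (extra, extra_max), the stream declares an arbitrary XLEN (extra_len) that may be larger than that buffer, and the extra bytes arrive across several input chunks. The names gz_hdr, extra_state, feed_extra, parse_gzip_prefix and demo_bounded_extra are hypothetical. The point it demonstrates is the bounds check on the chunk offset: once a chunk starts at or past extra_max, the "remaining room" arithmetic would otherwise wrap around and the copy would run past the caller's buffer, so the copy must be skipped, not merely clamped.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of a gzip-header extra-field consumer.
 * Not zlib's code; it only mirrors the data flow the advisory describes. */
typedef struct {
    unsigned char *extra;  /* caller-supplied destination buffer */
    unsigned extra_max;    /* capacity of that buffer */
    unsigned extra_len;    /* XLEN as declared by the stream; may exceed extra_max */
} gz_hdr;

typedef struct {
    unsigned remaining;    /* extra bytes still to be consumed from the stream */
    gz_hdr *head;
} extra_state;

/* Consume one chunk of the extra field. Returns the number of bytes used. */
static unsigned feed_extra(extra_state *st, const unsigned char *next, unsigned avail)
{
    unsigned copy = st->remaining < avail ? st->remaining : avail;
    if (st->head != NULL && st->head->extra != NULL) {
        /* Offset of this chunk within the full extra field. */
        unsigned off = st->head->extra_len - st->remaining;
        /* The essential check: if off >= extra_max, "extra_max - off" would wrap
         * to a huge unsigned value and memcpy would write past the buffer. */
        if (off < st->head->extra_max) {
            unsigned room = st->head->extra_max - off;
            memcpy(st->head->extra + off, next, copy > room ? room : copy);
        }
    }
    st->remaining -= copy;
    return copy;
}

/* Parse the fixed 10-byte gzip header and, when FEXTRA is set, the 2-byte
 * little-endian XLEN that follows. Returns bytes consumed, or 0 on error. */
static size_t parse_gzip_prefix(const unsigned char *buf, size_t n, gz_hdr *head, extra_state *st)
{
    if (n < 10 || buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 8)
        return 0;
    unsigned flg = buf[3];
    st->head = head;
    st->remaining = 0;
    head->extra_len = 0;
    if (flg & 0x04) {                                   /* FEXTRA */
        if (n < 12)
            return 0;
        head->extra_len = (unsigned)buf[10] | ((unsigned)buf[11] << 8);
        st->remaining = head->extra_len;
        return 12;
    }
    return 10;
}

/* Constructed sample: FEXTRA set, XLEN = 40, but the caller's buffer holds 16.
 * The 40 bytes are delivered as chunks of 10, 20 and 10, so the later chunks
 * start past extra_max. Returns 1 if the guard bytes after the buffer survive,
 * the declared length is still reported, and only the first 16 bytes landed. */
int demo_bounded_extra(void)
{
    unsigned char hdr[12 + 40];
    memset(hdr, 0, sizeof hdr);
    hdr[0] = 0x1f; hdr[1] = 0x8b; hdr[2] = 8; hdr[3] = 0x04;  /* ID1 ID2 CM FLG=FEXTRA */
    hdr[9] = 3;                                               /* OS = Unix */
    hdr[10] = 40; hdr[11] = 0;                                /* XLEN = 40 */
    for (int i = 0; i < 40; i++)
        hdr[12 + i] = (unsigned char)('A' + i % 26);

    struct { unsigned char data[16]; unsigned char guard[8]; } dst;
    memset(dst.data, 0, sizeof dst.data);
    memset(dst.guard, 0xEE, sizeof dst.guard);

    gz_hdr head = { dst.data, sizeof dst.data, 0 };
    extra_state st;
    size_t pos = parse_gzip_prefix(hdr, sizeof hdr, &head, &st);
    if (pos != 12)
        return 0;

    unsigned chunks[3] = { 10, 20, 10 };
    for (int i = 0; i < 3; i++)
        pos += feed_extra(&st, hdr + pos, chunks[i]);
    if (st.remaining != 0 || pos != sizeof hdr)
        return 0;

    for (int i = 0; i < 8; i++)
        if (dst.guard[i] != 0xEE)
            return 0;
    if (head.extra_len != 40)
        return 0;
    return memcmp(dst.data, "ABCDEFGHIJKLMNOP", 16) == 0;
}

int main(void)
{
    printf("bounded extra-field copy %s\n", demo_bounded_extra() ? "ok" : "FAILED");
    return 0;
}
```

Compile with any C99 compiler; no zlib link is required because the block does not call zlib. An application-side defence follows the same idea: after the header is read, compare the reported extra_len against the extra_max it supplied and treat the extra field as truncated rather than trusting the whole declared length.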
Workaround
No workaround is available, but applications that do not call inflateGetHeader are not vulnerable.
Mitigation
- Upgrade to TrueNAS 13.0-U3 or later.