Zlib Critical Vulnerability

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • zip-ada

    Zip-Ada: a standalone, portable Ada library for .zip archives. Includes LZMA byte stream encoder & decoder pair.

  • ZLib

    A massively spiffy yet delicately unobtrusive compression library.

  • These appear to be the relevant changes:

    2022-07-30: https://github.com/madler/zlib/commit/eff308af425b67093bab25...

    2022-08-08: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae3...

    The second commit definitely fixed a null pointer dereference; I am not sure if the CVE is referencing something else that was fixed by the first commit.

  • zlib-ng

    zlib replacement with optimizations for "next generation" systems.

  • Zlib-ng doesn't contain the same code, but it appears that their equivalent inflate() when used with their inflateGetHeader() implementation was affected by a similar problem: https://github.com/zlib-ng/zlib-ng/pull/1328

    Also similarly, most client code will be unaffected because `state->head` will be NULL, because they (most client code) won't have used inflateGetHeader() at all.

  • hardsqlite

    Work on hardened sqlite (see link for build instructions)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
