Zlib Critical Vulnerability

1. zip-ada

   1 3 28 9.0 Ada

   Zip-Ada: a standalone, portable pure Ada library for .zip archives. Includes LZMA and BZip2 byte stream encoder & decoder pairs.

   

2. CodeRabbit

   coderabbit.ai featured

   CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

   

3. ZLib

   2 51 6,122 9.3 C

   A massively spiffy yet delicately unobtrusive compression library.

   

   These appears to be the relevant changes:

   2022-07-30: https://github.com/madler/zlib/commit/eff308af425b67093bab25...

   2022-08-08: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae3...

   The second commit definitely fixed a null pointer dereference, I am not sure if the CVE is referencing something else that was fixed by the first commit.

4. zlib-ng

   3 19 1,750 9.1 C

   zlib replacement with optimizations for "next generation" systems.

   

   Zlib-ng doesn't contain the same code, but it appears that their equivalent inflate() when used with their inflateGetHeader() implementation was affected by a similar problem: https://github.com/zlib-ng/zlib-ng/pull/1328

   Also similarly, most client code will be unaffected because `state->head` will be NULL, because they (most client code) won't have used inflateGetHeader() at all.

5. hardsqlite

   4 3 1 0.0 C

   Work on hardened sqlite (see link for build instructions)

   

Suggest a related project